Certificate and Decryption for Proxy
In the previous section, we set up plain-text HTTP traffic and egressed to http://www.google.com. In this section we will set up a certificate and a decryption profile so that the Valtix Gateway can inspect TLS traffic going out to https://www.google.com.
Certificate
Create or import a certificate that the gateway will use to sign the certificates from external hosts before forwarding them to the clients. This certificate must be installed on all app/client instances as a trusted root CA to avoid TLS certificate errors. For the purposes of this tutorial, we will generate a self-signed certificate and ignore the TLS errors on the client machines.
Self-Signed Certificate
- Navigate to Manage -> Certificates
- Click Create
- Choose Generate (Self-signed) as the Method
- Click Generate
- Provide a Name (e.g., egress-self-signed)
- Click Save
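Why the signing certificate has to be a trusted root on the clients, shown locally with openssl as an added example (not Valtix code or output; it never contacts a gateway). The helper names `mkca`, `resign` and `client_trusts` and the `unrelated-root` CA are assumptions made for the illustration: a leaf for www.google.com is issued by `egress-self-signed`, as a decrypting proxy would present it, then verified once by a client that has the root and once by a client that does not.

```shell
#!/bin/sh
# Added example with constructed names; all keys and certs live in a temp dir.
# mkca DIR NAME -> self-signed CA certificate DIR/NAME.pem with key DIR/NAME.key
mkca() {
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# resign DIR CA HOST -> DIR/leaf.pem for HOST, issued by CA instead of the
# site's real issuer (what the client sees once decryption is enabled)
resign() {
  printf 'subjectAltName=DNS:%s\n' "$3" > "$1/leaf.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$3" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -extfile "$1/leaf.ext" -out "$1/leaf.pem" 2>/dev/null
}

# client_trusts ROOT LEAF -> exit status 0 only if LEAF chains to ROOT
client_trusts() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

d=$(mktemp -d)
mkca "$d" egress-self-signed   # the certificate created in the steps above
mkca "$d" unrelated-root       # stands in for a client trust store without it
resign "$d" egress-self-signed www.google.com
client_trusts "$d/egress-self-signed.pem" "$d/leaf.pem" \
  && echo "root installed on client: certificate verifies"
client_trusts "$d/unrelated-root.pem" "$d/leaf.pem" \
  || echo "root not installed: client reports a TLS certificate error"
```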
Decryption Profile
Once the certificate is created, create a decryption profile that uses this certificate:
- Go to Manage -> Decryption
- Click Create
- Provide a name (e.g., egress-tls-profile)
- In the Method dropdown choose Select Existing
- In the certificate dropdown choose the certificate created above (e.g., egress-self-signed)
- Click Save