130
Copy local CA revocation list to VPN server
If SX-GATE's VPN server uses certificates issued by its own CA, you can transfer the
current certificate revocation list (CRL) into the VPN server here. A CRL offers the
possibility to invalidate a certificate before it expires. This is useful if for example an
employee leaves the company and VPN access has to be denied.
12.4.1-C
SSL proxy CA
The SSL interceptor feature of SX-GATE's web proxy allows virusscanning of
encrypted connections by breaking them open. Instead of delivering the original web
server certificate, a locally generated certificate with the same contents is presented to
the client. These proxy certificates need to be signed by a dedicated certificate authority
(CA) which can be created here.
For security reasons the CA certificate is not saved along with
the SX-GATE backup. Use the export function on this screen to
download and save a password protected copy.
Export public key
Here you can download the CA certificate's public key. It should be installed in all
browser clients.
Backup proxy key-pair
The key pair of SX-GATE's proxy CA can be exported in PKCS#12 format to save a
backup. Please note that this export also contains the private key which must remain
completely secret.
Create a new or import a proxy certificate
This feature allows you to create a new proxy CA certificate or you can restore the CA
certificate from a backup file.
A CA certificate which was created by SX-GATE will be valid
for 20 years. Generally it does not make sense to issue a new
certificate long before the old one expires. Except of course the
privacy of the certificate can no longer be guaranteed.