Cloud NGFW for Azure
Add a Certificate to Cloud NGFW for Azure
Table of Contents
Add a Certificate to Cloud NGFW for Azure
Learn how to add a certificate to Cloud NGFW for Azure.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Cloud NGFW uses certificates to enable outbound decryption. These certificates are
stored in the Azure Key Vault.
Only self-signed and root CA signed certificates are
currently supported for decryption. Chained certificates are not supported.
To add a certificate, familiarize yourself with how rulestacks work.
- Click the Local Rulestacks icon from the homepage and select a previously created rulestack on which you wish to create a certificate.Click Certificates on the left pane and click Add. The Add Certificate List pane opens.Enter a descriptive Name for your certificate.( optional) Enter a description for your certificate.If the certificate is self-signed, check Self-Signed Certificate.If the certificate isn't self-signed, then obtain the Certificate URI by navigating to and copy-paste the Secret Identifier URI in Certificate URI.( optional) In the Certificate source field, choose the respective option: Select from Key vault or Paste URI.Click Add.Create a managed identity in the same resource group as the Key Vault. See, Create a user-assigned managed identity.Navigate to Azure Key Vault> Access Policies.Click Create to configure an access policy that assigns Key Vault Certificates Officer and Key Vault Secrets User to the managed identity created in step 9.
