Forward Trust (Used for SSL Forward Proxy decryption) | The certificate the firewall presents to
clients during decryption if the site the client is attempting to
connect to has a certificate signed by a CA that the firewall trusts.
To configure a Forward Trust certificate on the firewall to present
to clients when the server certificate is signed by a trusted CA,
see Configure SSL Forward Proxy. By default, the firewall determines
the key size to use for the client certificate based on the key
size of the destination server. However, you can Configure the Key Size for SSL Proxy Server
certificates. For added security, consider storing the private key
associated with the Forward Trust certificate on a hardware security
module (see Store Private Keys on an HSM).
Back up the private key associated with
the firewall’s Forward Trust CA certificate (not the firewall’s
master key) in a secure repository so that if an issue occurs with
the firewall, you can still access the Forward Trust CA certificate.
|