On the firewall, you must
install the certificate and private key
for each server for which you want to perform SSL Inbound Inspection.
The TLS versions that your web server supports determine how you
should install the server certificate and key on the firewall. If
your web server supports TLS 1.2 and Rivest, Shamir, Adleman (RSA)
or Perfect Forward Secrecy (
PFS) key exchange algorithms
and
your
end-entity (leaf) certificate is signed by intermediate certificates,
we recommend
uploading a certificate chain (a
single file) to the firewall. Uploading the chain avoids client-side
server certificate authentication issues.