< Home

app-proxy ca trust

Function

The app-proxy ca trust command specifies the CA certificate used by the FW to verify the server certificate in SSL decryption.

Format

app-proxy ca trust filename file-name

Parameters

Parameter Description Value
filename file-name Specifies the name of the CA certificate. The CA certificate must exist on the device.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

In SSL decryption, the FW must verify the server certificate using the specified CA certificate. Before specifying the CA certificate, ensure that the CA certificate to be specified has been imported to the device. For details on how to import a CA certificate, see CA Certificate.

A maximum of 32 CA certificate can be specified. If no CA certificate is specified, the FW considers the server certificate invalid. Then, the FW sends the client a temporary certificate signed by an SSL decryption certificate that is marked untrusted.

Example

# Set the CA certificate used by the FW to verify the server certificate in SSL decryption to ca.cer. 

<sysname> system-view
[sysname] app-proxy ca trust filename ca.cer
Parent Topic: SSL-Encrypted Traffic Detection Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >