New Proxy Authority Certificate doesn't work

currently have the problem that when I generate a CSR for a new Proxy Authority Certificate and have it countersigned by our internal PKI, I get an error message when importing the certificate that the Root CA is required. But this is already imported.
I do not know where this error is currently located.

Answers

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    Hi @Daniel_P30
    The firewall likely doesn't trust the chain. Try importing the root cert from your CA as "webserver/other" and then any intermediaries (if they exist) as "webserver/other"

    The firewall only looks there to build the chain for imported certs.

    If you still can't get it to install, I'd suggest opening a case so that support can look at it with you.

    -James Carson
    WatchGuard Customer Support

  • Hi @James_Carson
    Thanks for your answer. But very strange ist when I try to import the Proxy Authority Ca over the WEB GUI or Systemanager I always the prolem when I am sekd to import the CA root that this fild is empot again afoter importing the CA root. How can this be?

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    Hi @Daniel_P30

    The firewall won't trust the cert by default unless the root (and any intermediary/leaf cert) in the chain are installed. You should only need to install them once, but resetting the firewall to factory defaults may be erasing them if you did that at any point.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.