Folks,
we are trying to do Https inspection on firewall , created CSR from firewall and got signed from 3rd party root CA.
but still https logs shows that client doent have root ca installed.
In client browser the 3rd party root ca is already there in trusted root ca .
do we need to import the certificate on client ?
as per my understanding if the CSR is signed from 3rd party trusted root CA then there is no need to import the certificate on client as the client already have the root ca in browser store.
Any thoughts
the firewall itself needs to be the root ca (or sub ca), and all your clients need to trust this root ca (or sub ca) certificate of your firewall.
You won't get a ca certificate from a 3rd party provider.