I am trying to understand the difference between a digital signature from a site and a root certificate authority so that I can use it within Websense Content Gateway. What is the difference?
This question may come up from time to time in where you need to verify what the difference is between the Digital Certificate purchased for a website and why it will not work as a Root Certificate Authority within the Websense Content Gateway. Please see below for how to discern the difference.
Below is a valid cert to be imported into the WCG. It is important to note the Key Usage properties must include Certificate Signing. Off-line CRL Signing, and CRL Signing (86) .
Here is an example of a Digital Certificate which cannot
be used as a Root CA cert. The certificate is “signed” to a single server and is only valid for content from that server. (below example is from chase.com)
The main difference between the two: A Digital Certificate is only valid for the server it’s issued to .
It cannot be used to identify any other servers. A Certificate Signing cert can be used to sign certificates for ANY server, which is what WCG requires. WCG is saying “This cert is good for this HTTPS site you are visiting” no matter what the https URL is.
Note: To confirm that SSL /inspection is working - always check the issuer of the the certificate - if the proxy/WCG is inspecting the traffic, the certificate will be issued by the WCG.