- By default, OS appliances self-generate their own Certificate Authority and use it to self-sign all client-side connections
- For OS to ‘silently’ intercept SSL traffic, the client-side browser must be prevented from ‘warning’ about the OS’ non-certified, self-signed Certificate Authority
- The solution can provide a vehicle through which ‘Active Content’ can be downloaded to an endpoint
- LEA is responsible for sourcing ‘active content’ that, once downloaded to an endpoint, is capable of ‘activating and installing’ a trusted certificate authority in the endpoint browser
- Recommendation:
– A Trusted Root Certificate is used by OS appliances, OR,
– OS appliances continue to operate as a non-certified Certificate Authority (CA), with stealth download and install of the OS appliance’s certificate into the ‘target’
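
A defender-side view of the mechanism above, as an added example that is not part of the original document: once an intercepting CA has been installed in an endpoint's trust store, it appears as a root absent from the managed baseline that anchors chains for many unrelated domains. The fingerprints, host names, record layout and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: fingerprints are short placeholders, not real hashes.
BASELINE_ROOTS = {"fp-root-a", "fp-root-b"}      # roots shipped with the managed image
CURRENT_ROOTS = {                                # roots found in the endpoint store now
    "fp-root-a": "CN=Example Root A",
    "fp-root-b": "CN=Example Root B",
    "fp-root-x": "CN=Unknown Appliance CA",      # appeared after imaging
}
# (host, fingerprint of the root the served chain terminated at), from endpoint telemetry
OBSERVED = [
    ("mail.example.com", "fp-root-x"),
    ("bank.example.net", "fp-root-x"),
    ("shop.example.org", "fp-root-x"),
    ("intranet.example.com", "fp-root-a"),
]

def unexpected_roots(baseline, current):
    """Roots present in the endpoint store that the baseline never contained."""
    return {fp: name for fp, name in current.items() if fp not in baseline}

def registrable(host):
    """Crude last-two-labels grouping (assumption; a real tool would use the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def interception_findings(baseline, current, observed, min_domains=2):
    """Flag added roots, rating those that anchor chains for several unrelated domains."""
    added = unexpected_roots(baseline, current)
    domains = defaultdict(set)
    for host, root_fp in observed:
        domains[root_fp].add(registrable(host))
    findings = []
    for fp, name in sorted(added.items()):
        seen = sorted(domains.get(fp, ()))
        severity = "high" if len(seen) >= min_domains else "review"
        findings.append({"root": fp, "subject": name, "domains": seen, "severity": severity})
    # Chains ending at a root in neither store: the browser would have warned the user.
    for fp in sorted(set(domains) - set(current)):
        findings.append({"root": fp, "subject": None,
                         "domains": sorted(domains[fp]), "severity": "untrusted"})
    return findings

if __name__ == "__main__":
    for finding in interception_findings(BASELINE_ROOTS, CURRENT_ROOTS, OBSERVED):
        print(finding)
```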