When CA DataMinder Network is installed, two master root certificates are created, a trusted certificate and an untrusted or revoked certificate. These are the NBA master certificates. Throughout this guide, the term ‘master certificate’ refers to these root certificates generated by the NBA.
To permit CA DataMinder Network to decode SSL communications sent by a client, the client must trust the master certificate. You establish this trust by distributing the NBA master certificate to all client machines in your organization where you want the ability to decrypt SSL communications. This process is essential for SSL decoding.
But first, you must customize the master root certificates with your preferred certificate details.
Why customize the master certificate details?
If the trusted master certificate of the NBA is installed on the client, the user sees no discernible difference when browsing to web sites over SSL connections. But if they examine the certificate behind the connection (by clicking the padlock icon in the browser address bar), they see the certificate signing authority. For example, if they browse to the GMail website they can see that the www.google.com website is verified by VeriSign.
By default, however, the NBA master certificates use 'CA DataMinder' as the common name. So if the NBA intercepts an SSL connection to the GMail web site, the user would see that www.google.com is verified by CA DataMinder. We recommend that you change this name to the name of your organization.
|
Copyright © 2014 CA.
All rights reserved.
|
|