Configure the Certificates
With connectivity now configured, you need to set up a server certificate, which the Auth Proxy presents during SSL inspection. This certificate must be issued by a valid CA, because clients that connect to the Auth Proxy directly must be able to validate it. For example, in the O365 Active Auth flow, the O365 cloud communicates directly with the Auth Proxy.
Note
Make sure that the Auth Server's server certificate uses a fully-qualified domain name as the common name.
To configure the certificates:
Enter the command:
set dataplane auth-proxy ssl-proxy server-cert
Copy and paste your server certificate (only one public key section).
Press Enter, then enter Ctrl-D to exit.
Enter the command:
set dataplane auth-proxy ssl-proxy server-key
Copy and paste your private key.
Press Enter, then enter Ctrl-D to exit.
Enter the command:
set dataplane auth-proxy ssl-proxy server-intermediate-ca-chain
Copy and paste any intermediate certificates.
Press Enter, then enter Ctrl-D to exit.
Configure the auth server host-IP mapping. Auth Proxy frontends the authentication and must communicate with the external interface of the auth server. To ensure this happens for users coming from outside your network, you must configure the external interface host-IP mapping of your auth server using the following commands:
set dataplane auth-proxy adfs-hostname
set dataplane auth-proxy adfs-public-ip
The healthcheck is complete. Use the following command to disable the healthcheck:
set healthcheck enable false
You must save the configuration. Save the configuration using the save command, and then press Enter.
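The certificate steps above accept pasted PEM text, so it helps to check the material on an admin workstation before pasting it. The following script is an added example, not part of the product or its documentation. It assumes the openssl command-line tool is installed and that the certificate and key are in local files whose paths you pass as the two arguments. It checks that the server certificate file holds exactly one certificate block and no private key, that the common name is a fully-qualified domain name, and that the private key matches the certificate.

```shell
#!/bin/sh
# Added example: pre-paste checks for the server certificate and private key.
# File paths are supplied by the operator; nothing here runs on the appliance.

# Count certificate blocks; the server-cert prompt expects exactly one.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Subject common name of the first certificate in the file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p' | head -n 1
}

# Fully-qualified means at least two dot-separated labels; wildcards are rejected.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# The private key must carry the same public key as the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check and report each failure; returns non-zero if any check fails.
check_inputs() {
    cert=$1; key=$2; rc=0
    n=$(count_certs "$cert")
    [ "$n" -eq 1 ] || { echo "FAIL: $n certificate blocks in $cert, expected 1" >&2; rc=1; }
    if grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "FAIL: $cert contains a private key block" >&2; rc=1
    fi
    cn=$(cert_cn "$cert")
    is_fqdn "$cn" || { echo "FAIL: common name '$cn' is not an FQDN" >&2; rc=1; }
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert" >&2; rc=1; }
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_inputs "$1" "$2"; fi
```

A passphrase-protected key is reported as a mismatch because the script passes an empty passphrase rather than prompting.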