CLI Configuration Inbound Example

For inspecting inbound SSL sessions, the server’s key pair must be installed in the key store and the inline SSL profile must have the corresponding key map configured.

The primary MitM CA is not mandatory for an inbound deployment.

Most of the steps for an inbound deployment are the same as for an outbound deployment, with the following exceptions:

■   Skip step 1 and step 2. Instead, use the following CLI command to download private keys:

(config) # apps keystore rsa server_chain_001 pkcs12 download url <URL>

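The supported protocols for <URL> are HTTP, FTP, TFTP, SCP, and SFTP. HTTP, FTP, and TFTP transfer the file without encryption or integrity protection, so SCP or SFTP is the safer choice for private-key material.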

For example:

(config) # apps keystore rsa server_chain_001 pkcs12 download url sftp://test:mytest@10.10.10.10/home/test/ssldecrypt/keys/srv1k.pfx

■   When configuring the inline SSL profile in step 4, include the following CLI command to create a key map entry:

(config apps inline-ssl profile alias sslprofile) # keymap add server server_chain_001 key server_chain_001
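
Before running the pkcs12 download command above, the PKCS#12 file can be checked on the workstation that holds it. The following is an added example, not part of the original page or the vendor's tooling: it uses OpenSSL to confirm that the bundle opens, that it holds a valid RSA key, and that the key matches an unexpired leaf certificate. Assumptions: the names pfx_check, make_demo_pfx and PFX_PASS are hypothetical, and requiring an RSA key is inferred from the "keystore rsa" keyword.

```shell
#!/bin/sh
# Added example: pre-flight checks on a PKCS#12 file before it is loaded
# into the key store. Function names and PFX_PASS are assumptions.
# The bundle password is read from $PFX_PASS so it never appears in argv.

# pfx_check FILE -> 0 ok, 2 unreadable or wrong password, 3 not a valid
#                   RSA key, 4 key/certificate mismatch, 5 certificate expired
pfx_check() {
    key=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null) || return 2
    crt=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) || return 2
    # Assumption: "keystore rsa" expects an RSA key; -check also validates it
    printf '%s\n' "$key" | openssl rsa -check -noout >/dev/null 2>&1 || return 3
    # Compare the public key derived from the private key with the one in the cert
    kpub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null) || return 4
    cpub=$(printf '%s\n' "$crt" | openssl x509 -noout -pubkey 2>/dev/null) || return 4
    [ -n "$cpub" ] && [ "$kpub" = "$cpub" ] || return 4
    printf '%s\n' "$crt" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 || return 5
    # Print subject and expiry so the operator can confirm it is the right server
    printf '%s\n' "$crt" | openssl x509 -noout -subject -enddate
}

# make_demo_pfx rsa|ec OUT: constructed self-signed bundle, for demonstration only
make_demo_pfx() {
    d=$(mktemp -d) || return 1
    rc=0
    case $1 in
        rsa) openssl genrsa -out "$d/k.pem" 2048 2>/dev/null || rc=$? ;;
        ec)  openssl ecparam -name prime256v1 -genkey -noout -out "$d/k.pem" 2>/dev/null || rc=$? ;;
        *)   rc=1 ;;
    esac
    [ "$rc" -ne 0 ] ||
        { openssl req -new -x509 -key "$d/k.pem" -subj "/CN=srv1.example.test" \
              -days 30 -out "$d/c.pem" 2>/dev/null &&
          openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" \
              -passout env:PFX_PASS -out "$2" 2>/dev/null; } || rc=$?
    rm -rf "$d"
    return "$rc"
}
```
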