Configure Captive Portal Part 4: Create an SSL Decrypt-Resign Policy
This part of the procedure discusses how to create an SSL access policy to decrypt and resign traffic before the traffic reaches the captive portal. The captive portal can authenticate traffic only after it has been decrypted.
Before you begin
For an overview of the entire captive portal configuration, see How to Configure the Captive Portal for User Control.
Procedure
Step 1: If you haven't done so already, log in to the CDO.
Step 2: If you haven't done so already, create a certificate object to decrypt SSL traffic as discussed in PKI Objects.
Step 3: Click .
Step 4: Click New Policy.
Step 5: Enter a Name and choose a Default Action for the policy. Default actions are discussed in SSL policy Default Actions.
Step 6: Click Save.
Step 7: Click Add Rule.
Step 8: Enter a Name for the rule.
Step 9: From the Action list, choose Decrypt - Resign.
Step 10: From the with list, choose your PKI object.
Step 11: Click Users.
Step 12: Above the Available Realms list, click Refresh.
Step 13: In the Available Realms list, click Special Identities.
Step 14: In the Available Users list, click Unknown.
Step 15: Click Add to Rule. The following figure shows an example.
Step 16: (Optional.) Set other options as discussed in TLS/SSL Rule Conditions.
Step 17: Click Add.
Step 18: At the top of the page, click Save.
What to do next
Continue with Configure Captive Portal Part 5: Associate Identity and SSL Policies with the Access Control Policy.