I am in the planning phase for rolling out DPI-SSL on our SonicWall. I have found two conflicting suggestions on creating a custom DPI-SSL certificate and am having trouble identifying any pros/cons to each approach.
Method #1: This can be seen at 18:00 mark in this videohttps://youtu.be/ZxwhpHh7Los?t=1080
What is suggested is basically to export the root AD CA certificate, and then use that as the SonicWall DPI-SSL certificate.
Method # 2:https://www.sonicwall.com/support/knowledge-base/170503319041199/
Summary: Import AD CA certificate as trusted CA on SonicWall. Create CSR on SonicWall and have AD CA sign the certificate. Assign this for use with DPI-SSL.
Are there any major benefits/downsides to one or the other?