cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Client Certificate Authentication, Works but Not as Expected

First, I'm really dissapointed with this new Lithium forum engine, and the lack of notification features.  And, I posted a commented to the old Jive version of the discussion, and I don't know if anyone got notified about it.  I would be tickled pink if the forum was reverted back to Jive.

My original comment is here: https://community.mcafee.com/t5/Web-Gateway/Using-client-certficates-for-authentication-on-wg-7-2-0-...

But, I'll restate it here if it were preferred that this be a new discussion.

This client certificate authentication configuration gave me some serious headaches, but I seem to have gotten it working. I'll have to post some of my findings when I finish testing.

But, I need to confirm: it seems to be working without opening a separate port. Rule traces and packet traces confirms this. I've also disabled the extra port, and it's authenticating. The redirection happens, but the port on the URL isn't picked up by the browser, which is what the browser is supposed to send to the proxy as the destination, and I don't see how the browser is supposed to be told to redirect to a different proxy.

Yet, I can see the certificate exchange on the main proxy port, though Wireshark won't interpret it as such as an SSL certificate exchange. I have to read the certificate DN through the binary dump.

So, does this make sense, or am I looking in the wrong places?