cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jay5
Level 8
Report Inappropriate Content
Message 1 of 2

How MWG handles https traffic

Our MWG device has enabled the SSL scanning function, and the client needs to import the CA certificate to access the HTTPS site normally. I would like to ask, how does MWG handle the client's request to access the https site? Are there the private keys of these https servers on MWG?

1 Reply
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: How MWG handles https traffic

Hi,

MWG acts as a "Man in the middle" here. You configure a CA on the MWG and provide the private key for this CA. With the CA MWG is now able to create server certificates.

When you go to https://www.google.com MWG connects to www.google.com, obtains the original certificate from Google, copies some attributes (such as Common Name and Subject Alternative Names) from it and checks if the certificate is valid. 

Then MWG creates a new server certificate with these values, signs it with the CA you have configured and submits this certificate as the certificate for this connection to the browser. The browser sees the certificate, sees it is signed by the CA you imported, and since the CA is trusted in the browser the certificate is accepted.

Now you have the connection between client and MWG signed with the certificate MWG created and the connection between MWG and the server is signed with the original certificate from Google.

Through this channel the communication is done.

Best,
Andre

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community