cancel
Showing results for 
Search instead for 
Did you mean: 
northalpha
Level 7

Howto add new certificate authorities?

Hi all,

i am very new to MWG but i have a question howto add some new CAs to pur 7.0.2 Test Env. Right now we have some issues with some random pages with CAs from GoDaddy, VeriSign etc. The URL (for example) is: https://www.ultraedit.com/store/

cert_error.jpg

So basicly there was something like "Inspect Certificate" and "Add CA" in the old Webwasher times. The question is: How do i add CAs with i am trusting or HAVE TO trust like self signed stuff. Even if they are "untrusted"?

Message was edited by: northalpha on 1/14/11 3:02:52 AM CST
0 Kudos
19 Replies
eelsasser
Level 15

Re: Howto add new certificate authorities?

You add new CAs to your certificate Chain list:

Capture.JPG

I have a personal, more comprehensive list of CAs that I've accumulated over the years if you want to use them.

0 Kudos
northalpha
Level 7

Re: Howto add new certificate authorities?

Yes that would be very nice to have.

But overall even we are adding these CAs we get the Error messages. Something i think i made completly wrong

0 Kudos
sec-wartung
Level 7

Re: Howto add new certificate authorities?

Hi,

can you give me your personal more comprehensive list of CAs? Is the CRL updated in a new version of webgateway? Or is there no update cycle and we should add missing CRLs?

Thanks for reply.

0 Kudos
eelsasser
Level 15

Re: Howto add new certificate authorities?

Send me your email and I will attach them.

It is my own personal list of CAs that I have accumulated over the years from working with customers that have reported them to me.

I make no warranty of their validity, and please review them and remove any you don't desire.

Erik_Elsasser@McAfee.com

0 Kudos
seebvey
Level 10

Re: Howto add new certificate authorities?

Hi,

how can i generally update the list of certificate authorities?

Is the list of CA's also updated when i do a software update?

regards

seebvey

0 Kudos
asabban
Level 17

Re: Howto add new certificate authorities?

At the moment the update is done with a software update. We are planning to have this a seperate, McAfee controlled process in the future.

Best,

Andre

Troja
Level 14

Re: Howto add new certificate authorities?

Hi Andre,

is it possible to import the CA Authorities from Webwasher 6?

Cheers,

Thorsten

0 Kudos
asabban
Level 17

Re: Howto add new certificate authorities?

Hi Thorsten,

generally yes. The 6.8.7 CAs should be the same as in 7.x. Only 6.9 has an updated list since we (finally) understood that we need to invest much more time on maintaining these lists. A direct conversion is difficult, because you need to inject a modified list into the MWG 7 and enforce the modified storage to be accepted (there is a hash that prevents manual changes).

If there is a need I can have a look at converting the 6.9 CAs to 7.

Best,

Andre

0 Kudos
Troja
Level 14

Re: Howto add new certificate authorities?

Hi Andre,

importing one whole CA List from Webwasher would be great. There are some customers requesting a complete CA list.

Cheers,

Thorsten

0 Kudos