the cerificate which is used when connecting to the Web Interface of MWG with ssl will expire in some days.
Is there any action needed or will MWG automaticly generate a new certificate?
We do not break and scan ssl-traffic with MWG.
Thanks for help in advance.
you can import or generate a new certificate under Configuration / Certificate Management / McAfee Web Gateway Root CA. If you don't have your own certificate that you want to import, you can generate a new one via the web interface (Generate New Certificate Authority). You might need to restart the webwasher-csm service so that the change becomes active.
The certificate will be used for the Web Interface when you connect via HTTPS. If your existing certificate expires your browser will give you a warning when you try to access it, even if you don't use the SSL Scanner.
thanks for quick reply.
The McAfee Web Gateway Root CA certificate expires 25.03.2025. So we don´t think we have to generate a new one. The certificate which is used when connecting to Web Interface via HTTPS is valid from
28.05.2010 / 7:52:24 GMT
28.05.2011 / 7:52:24 GMT.
We did not generate this certificate by ourself
That´s why we think this is generated automaticly by MWG.
We can wait till monday and look what will happen.
on 24.05.11 13:14:06 MESZNachricht geändert durch mcafee-com-user on 24.05.11 13:15:00 MESZ
as far as I know a default certificate is created during a fresh installation of MWG. This is just an example and it is recommended to create your own Root CA. I think there is even a warning on the Overview page (System Alerts) about this. It should look like "The default root certificate is used by SSL Scanner. In order to avoid security problems create your own certificate".
As you don't use the SSL Scanner it's not a big deal and you could still use the old one. When you visit the GUI on Monday the webbrowser will issue a certificate warning, stating "Outdated Information". You can then opt to trust this anyway and everything will work as before.
just checked on an appliance. If you use the default CA and it expires MWG will automatically create a new one for you. You still get a notification from your browser, because the certificate has changed and you need to confirm that one. The same applies if you use the SSL Scanner with the default CA.