cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

SSL inspection causing certificate issues with web developer tools

Jump to solution

We're running into a problem with SSL inspection causing certificate issues with some of our web developer tools like Ubuntu when it makes calls on port 443.  MWG reporting doesn't seem to recognize these problems, and I'm usually able to workaround it by adding the hostname (after the end user tells me what it is) it's calling out to into the MCP bypass list or whitelisting it on the gateway, however I'd like to know if there's a way to fix the problem on the front end in the web developer tools.  Perhaps importing the certificate into them?  Any help would be appreciated. 

Labels (1)
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: SSL inspection causing certificate issues with web developer tools

Jump to solution

Hi,

Hope you are doing well.

 

When MWG doing SSL inspection , in that case MWG generates a certificate on the fly for the HTTPS website requested, so if the client is not able to trust that certificate then SSL handshake fails and you can see Unknown CA/CERT_AUTHORITY_INVALID kind of errors.  You can take a packet capture or check for any log at client side to confirm on the same.  If yes then importing the certificate into them will help.

 

When you bypass SSL inspection in that case SSL handshake happens directly between client and destination server and certificate is received from actual destination server which the client side is successfully able to trust.

 

Regards

Alok Sarda

View solution in original post

1 Reply
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: SSL inspection causing certificate issues with web developer tools

Jump to solution

Hi,

Hope you are doing well.

 

When MWG doing SSL inspection , in that case MWG generates a certificate on the fly for the HTTPS website requested, so if the client is not able to trust that certificate then SSL handshake fails and you can see Unknown CA/CERT_AUTHORITY_INVALID kind of errors.  You can take a packet capture or check for any log at client side to confirm on the same.  If yes then importing the certificate into them will help.

 

When you bypass SSL inspection in that case SSL handshake happens directly between client and destination server and certificate is received from actual destination server which the client side is successfully able to trust.

 

Regards

Alok Sarda

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community