cancel
Showing results for 
Search instead for 
Did you mean: 
jont717
Level 12
Report Inappropriate Content
Message 1 of 18

Transparent (WCCP) setup SSL certificate errors

Running 7.0.2.2

A lot of users are getting the normal Certificate error screen in IE saying there is a problem with the certificate and they have to click continue (not recommended).

All of these users have the web gateway certificate in their IE browsers already. This was pushed by GPO.

What I believe is the problem is that when they are first trying to connect to an HTTPS site from a desktop shortcut, sometimes the gateway goes to an IP address and not the URL. An example from my access log file would be: https://64.65.34.23 instead of https://www.google.com. I think this makes IE throw a certificate error because it is not going to the URL that matches the certificate. 

Why is it doing this for HTTPS sites?  For HTTP sites, I never see it go to IP addresses in my access log files.

http://www.sslshopper.com/assets/images/for_different_site.gif

17 Replies
mehran
Level 7
Report Inappropriate Content
Message 2 of 18

Re: Transparent (WCCP) setup SSL certificate errors

hi,i am facing the same issue, did you get any solution,plz help!thnks

robbieh
Level 7
Report Inappropriate Content
Message 3 of 18

Re: Transparent (WCCP) setup SSL certificate errors

If you don't do SSL Scan, you'll have that problem. Make sure you are doing SSL Scan for your WCCP clients!

Make sure you push down the web gateway cert (or your own cert if you have a CA) to the clients also, or you'll still get those errors.

Message was edited by: robbieh on 4/19/11 4:24:50 PM CDT
mehran
Level 7
Report Inappropriate Content
Message 4 of 18

Re: Transparent (WCCP) setup SSL certificate errors

thnks robbieh for your rply,

yes we are doing SSL scan fo our WCCP clients,pushing crets to clients is a real pain!is there any other way beside this??will these certs be different for IE and Mozilla?

jont717
Level 12
Report Inappropriate Content
Message 5 of 18

Re: Transparent (WCCP) setup SSL certificate errors

The certificate is the same for IE and Mozilla.  Pushing the cert with GPO in Active Directory is very easy.  You might have to do it manually for Firefox.

mehran
Level 7
Report Inappropriate Content
Message 6 of 18

Re: Transparent (WCCP) setup SSL certificate errors

thnks jont717!

Re: Transparent (WCCP) setup SSL certificate errors

Jont717,

Did you ever get this resolved?

jont717
Level 12
Report Inappropriate Content
Message 8 of 18

Re: Transparent (WCCP) setup SSL certificate errors

Yes,

Thanks for your intrest.  I did receive your other message as well. 

Re: Transparent (WCCP) setup SSL certificate errors

Cool.  Can you share what resolved it as were getting this occasionally after what I thought we found fixed it.

jont717
Level 12
Report Inappropriate Content
Message 10 of 18

Re: Transparent (WCCP) setup SSL certificate errors

I have a rule set that fixes the hostname.  Also, my problem was related to authentication.  Maybe yours is too.  We helped the issue by moving our authentication TTL to a few hours.  Our users all have their own PCs and do not sign into other PC, so this works for us.

Here is a screen shot.

08-10-2011 03-06-26 PM.png

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community