A lot of users are getting the normal Certificate error screen in IE saying there is a problem with the certificate and they have to click continue (not recommended).
All of these users have the web gateway certificate in their IE browsers already. This was pushed by GPO.
What I believe is the problem is that when they are first trying to connect to an HTTPS site from a desktop shortcut, sometimes the gateway goes to an IP address and not the URL. An example from my access log file would be: https://188.8.131.52 instead of https://www.google.com. I think this makes IE throw a certificate error because it is not going to the URL that matches the certificate.
Why is it doing this for HTTPS sites? For HTTP sites, I never see it go to IP addresses in my access log files.
If you don't do SSL Scan, you'll have that problem. Make sure you are doing SSL Scan for your WCCP clients!
Make sure you push down the web gateway cert (or your own cert if you have a CA) to the clients also, or you'll still get those errors.
Message was edited by: robbieh on 4/19/11 4:24:50 PM CDT
Thanks robbieh for your reply,
Yes, we are doing SSL scan for our WCCP clients. Pushing certs to clients is a real pain! Is there any other way besides this? Will these certs be different for IE and Mozilla?
The certificate is the same for IE and Mozilla. Pushing the cert with GPO in Active Directory is very easy. You might have to do it manually for Firefox.
I have a rule set that fixes the hostname. Also, my problem was related to authentication. Maybe yours is too. We helped the issue by moving our authentication TTL to a few hours. Our users all have their own PCs and do not sign into other PCs, so this works for us.
Here is a screen shot.