cancel
Showing results for 
Search instead for 
Did you mean: 
jont717
Level 12

Transparent (WCCP) setup SSL certificate errors

Running 7.0.2.2

A lot of users are getting the normal Certificate error screen in IE saying there is a problem with the certificate and they have to click continue (not recommended).

All of these users have the web gateway certificate in their IE browsers already. This was pushed by GPO.

What I believe is the problem is that when they are first trying to connect to an HTTPS site from a desktop shortcut, sometimes the gateway goes to an IP address and not the URL. An example from my access log file would be: https://64.65.34.23 instead of https://www.google.com. I think this makes IE throw a certificate error because it is not going to the URL that matches the certificate. 

Why is it doing this for HTTPS sites?  For HTTP sites, I never see it go to IP addresses in my access log files.

http://www.sslshopper.com/assets/images/for_different_site.gif

0 Kudos
17 Replies
mehran
Level 7

Re: Transparent (WCCP) setup SSL certificate errors

hi,i am facing the same issue, did you get any solution,plz help!thnks

0 Kudos
robbieh
Level 7

Re: Transparent (WCCP) setup SSL certificate errors

If you don't do SSL Scan, you'll have that problem. Make sure you are doing SSL Scan for your WCCP clients!

Make sure you push down the web gateway cert (or your own cert if you have a CA) to the clients also, or you'll still get those errors.

Message was edited by: robbieh on 4/19/11 4:24:50 PM CDT
0 Kudos
mehran
Level 7

Re: Transparent (WCCP) setup SSL certificate errors

thnks robbieh for your rply,

yes we are doing SSL scan fo our WCCP clients,pushing crets to clients is a real pain!is there any other way beside this??will these certs be different for IE and Mozilla?

0 Kudos
jont717
Level 12

Re: Transparent (WCCP) setup SSL certificate errors

The certificate is the same for IE and Mozilla.  Pushing the cert with GPO in Active Directory is very easy.  You might have to do it manually for Firefox.

0 Kudos
mehran
Level 7

Re: Transparent (WCCP) setup SSL certificate errors

thnks jont717!

0 Kudos

Re: Transparent (WCCP) setup SSL certificate errors

Jont717,

Did you ever get this resolved?

0 Kudos
jont717
Level 12

Re: Transparent (WCCP) setup SSL certificate errors

Yes,

Thanks for your intrest.  I did receive your other message as well. 

0 Kudos

Re: Transparent (WCCP) setup SSL certificate errors

Cool.  Can you share what resolved it as were getting this occasionally after what I thought we found fixed it.

0 Kudos
jont717
Level 12

Re: Transparent (WCCP) setup SSL certificate errors

I have a rule set that fixes the hostname.  Also, my problem was related to authentication.  Maybe yours is too.  We helped the issue by moving our authentication TTL to a few hours.  Our users all have their own PCs and do not sign into other PC, so this works for us.

Here is a screen shot.

08-10-2011 03-06-26 PM.png

0 Kudos