cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 12
Report Inappropriate Content
Message 1 of 18

Transparent (WCCP) setup SSL certificate errors

Running 7.0.2.2

A lot of users are getting the normal Certificate error screen in IE saying there is a problem with the certificate and they have to click continue (not recommended).

All of these users have the web gateway certificate in their IE browsers already. This was pushed by GPO.

What I believe is the problem is that when they are first trying to connect to an HTTPS site from a desktop shortcut, sometimes the gateway goes to an IP address and not the URL. An example from my access log file would be: https://64.65.34.23 instead of https://www.google.com. I think this makes IE throw a certificate error because it is not going to the URL that matches the certificate. 

Why is it doing this for HTTPS sites?  For HTTP sites, I never see it go to IP addresses in my access log files.

http://www.sslshopper.com/assets/images/for_different_site.gif

17 Replies
Highlighted
Level 7
Report Inappropriate Content
Message 2 of 18

Re: Transparent (WCCP) setup SSL certificate errors

hi,i am facing the same issue, did you get any solution,plz help!thnks

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 18

Re: Transparent (WCCP) setup SSL certificate errors

If you don't do SSL Scan, you'll have that problem. Make sure you are doing SSL Scan for your WCCP clients!

Make sure you push down the web gateway cert (or your own cert if you have a CA) to the clients also, or you'll still get those errors.

Message was edited by: robbieh on 4/19/11 4:24:50 PM CDT
Highlighted
Level 7
Report Inappropriate Content
Message 4 of 18

Re: Transparent (WCCP) setup SSL certificate errors

thnks robbieh for your rply,

yes we are doing SSL scan fo our WCCP clients,pushing crets to clients is a real pain!is there any other way beside this??will these certs be different for IE and Mozilla?

Highlighted
Level 12
Report Inappropriate Content
Message 5 of 18

Re: Transparent (WCCP) setup SSL certificate errors

The certificate is the same for IE and Mozilla.  Pushing the cert with GPO in Active Directory is very easy.  You might have to do it manually for Firefox.

Highlighted
Level 7
Report Inappropriate Content
Message 6 of 18

Re: Transparent (WCCP) setup SSL certificate errors

thnks jont717!

Highlighted

Re: Transparent (WCCP) setup SSL certificate errors

Jont717,

Did you ever get this resolved?

Highlighted
Level 12
Report Inappropriate Content
Message 8 of 18

Re: Transparent (WCCP) setup SSL certificate errors

Yes,

Thanks for your intrest.  I did receive your other message as well. 

Highlighted

Re: Transparent (WCCP) setup SSL certificate errors

Cool.  Can you share what resolved it as were getting this occasionally after what I thought we found fixed it.

Highlighted
Level 12
Report Inappropriate Content
Message 10 of 18

Re: Transparent (WCCP) setup SSL certificate errors

I have a rule set that fixes the hostname.  Also, my problem was related to authentication.  Maybe yours is too.  We helped the issue by moving our authentication TTL to a few hours.  Our users all have their own PCs and do not sign into other PC, so this works for us.

Here is a screen shot.

08-10-2011 03-06-26 PM.png

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community