Hi, I'm trying to implement a WebGateway in a non corporate environment. I can't distribute my SSL certificate, because there is no LDAP or anything similar. So I need to install it manually. The problem is that are 100 000 endpoints, and I can't install all, so I was planing to create a welcome page to redirect the clients to a page with instructions on how to install it. The only think is that my client don't want the error page to appear before the welcome page. Any ideas??.
I attach a backup of the configuration of my webgateway
Please do not attach backups configurations Mod
so your idea is to make a welcome page which will have instructions about how to import the root certificate in order to get rid of the certificate errors?
The problem I see with that is that MWG cannot decide if a client has the certificate installed or not. So also users who already installed the certificate will see the welcome page every day or so, so it would only make sense if it contains some other details, such as a disclaimer for the internet usage or similar.
This will work fine if a client starts browsing with HTTP. If the user opens his browser ans types in an HTTPS URL he will see the certificate error, as MWG cannot establish a connection otherwise. The only possible workaround I can think of is sending a 302 Redirect to an HTTP web site or an HTTPS web site which hosts a real certificate that can be accepted by the browser.
This can only work in explicit proxy environments, in transparent environments there is no CONNECT request sent by the browser which MWG could reply to with a 302 Redirect. In transparent environments I don't see a way to display a website to a user without having him to accept the certificate used by MWG first.