
https pages not working with new certificate.


For my first post here I bring you a really weird problem.

For a customer I have built a cluster of two 1100e appliances. App 1 is the master, App 2 a node. At this point the master is also the CA. Because the CA is a self-signed CA, users are getting a warning when opening an https page through the appliance. The customer does not have a CA server in its network, so I have to request a certificate from a trusted authority. I chose to request a 30-day free certificate first for testing. I did the following steps:

- Make a CSR on the master (made a key file and put in a password at the CSR dialog). I followed the manual on this one.

- I uploaded the CSR file to a public CA and received my certificate.

- On the appliance under certificate management I uploaded the certificate, key file and password.

- The appliance accepted the certificate.

- Rebooted the appliance.

- After the reboot I checked the CA under certificate management and I got back a working validated certificate.

My problem is that none of the https pages going through the appliance are working. No error messages, just "page cannot be displayed". The https management page on the appliance is also not working any more. My second problem is that the node appliance copied the certificate from the master, which is signed to the master hostname, not the node's. How do I prevent the node copying the certificate so I can upload a publicly signed one signed to its hostname?

Any help would be greatly appreciated.

4 Replies

Re: https pages not working with new certificate.

I have also submitted a support ticket for this problem but so far they have not found any solution. Can someone tell me if I did the correct steps to assign a CA to my appliance? My goal is to have SSL scanning without a self-signed certificate warning for the end users.

Re: https pages not working with new certificate.

It cannot be done.

In order for MWG to perform SSL scanning it has to be a CA or subordinate CA that has the ability to generate other SSL certs.

A public CA will not issue a certificate that has signing authority for other SSL certs.

Therefore, the only way to do SSL scanning is to have MWG as its own CA, or as a subordinate CA from an internal certificate authority. If you had a Microsoft CA already on the domain and its CA certificate has been distributed to the clients already, by making MWG a subordinate of your own MS CA, you could do SSL scanning because the MS CA is already deployed to the client.

There is no other way for MWG or any other SSL decryption product.
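
The difference described in the reply above can be reproduced with the `openssl` command line. This is an added example, not part of the thread and not MWG's own tooling: it builds a constructed root, an ordinary server certificate (`CA:FALSE`) and a subordinate CA (`CA:TRUE`), lets each one sign a per-site certificate the way an SSL-scanning proxy does, and checks which chain a client that trusts only the root accepts. All names, hostnames and keys are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example: every key, certificate and hostname is generated locally
# (constructed). Assumes the openssl CLI, version 1.1.1 or later.
DIR=$(mktemp -d)

# issue NAME CN CA_FLAG [ISSUER]: write NAME.key and NAME.crt into $DIR.
# Self-signed when ISSUER is omitted, otherwise signed with ISSUER's key.
issue() {
  local name="$1" cn="$2" ca="$3" issuer="${4:-}"
  printf 'basicConstraints=critical,CA:%s\n' "$ca" > "$DIR/$name.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$DIR/$name.key" -out "$DIR/$name.csr" 2>/dev/null || return 1
  if [ -z "$issuer" ]; then
    openssl x509 -req -in "$DIR/$name.csr" -signkey "$DIR/$name.key" \
      -extfile "$DIR/$name.ext" -days 1 -out "$DIR/$name.crt" 2>/dev/null
  else
    openssl x509 -req -in "$DIR/$name.csr" -CA "$DIR/$issuer.crt" \
      -CAkey "$DIR/$issuer.key" -CAcreateserial \
      -extfile "$DIR/$name.ext" -days 1 -out "$DIR/$name.crt" 2>/dev/null
  fi
}

# proxy_cert_trusted PROXY: sign a per-site certificate with PROXY's key, as
# an SSL-scanning proxy does for each site, then return 0 only if a client
# that trusts just the root accepts the chain site -> PROXY -> root.
proxy_cert_trusted() {
  local proxy="$1"
  issue "site-$proxy" "www.example.test" FALSE "$proxy" || return 2
  openssl verify -CAfile "$DIR/root.crt" -untrusted "$DIR/$proxy.crt" \
    "$DIR/site-$proxy.crt" >/dev/null 2>&1
}

issue root   "Constructed Root CA"        TRUE
issue server "proxy.example.test"         FALSE root  # ordinary server cert
issue subca  "Constructed Subordinate CA" TRUE  root  # subordinate CA cert

for p in server subca; do
  if proxy_cert_trusted "$p"; then
    echo "$p: per-site certificate accepted by the client"
  else
    echo "$p: per-site certificate rejected by the client"
  fi
done
```

To inspect a certificate you were actually issued, `openssl x509 -in cert.pem -noout -text` shows the same `CA:TRUE` or `CA:FALSE` value under X509v3 Basic Constraints.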

Re: https pages not working with new certificate.

Thanks. Looks like I will have to try to get the customer to implement a CA server. The documentation from McAfee could be better on this topic.

McAfee Employee

Re: https pages not working with new certificate.

Hello Rslaats,

Some of this information is already discussed in the documentation.

Please see PD22642 on page 41 for importing a subordinate CA from a Microsoft authority.

Let me know if you were looking for different information, and I'll see if I can find any other resources.


Message was edited by: Jon Scholten on 6/17/10 9:50:23 AM CDT