cancel
Showing results for 
Search instead for 
Did you mean: 
cryptochrome
Level 7

"Inspect SSL Certificate" feature in MWG7?

Jump to solution

Hi,

in MWG6 we had an option in the SSL Scanner settings that would allow me to inspect a SSL certificate on the fly. I would just enter the URL of the destination and MWG would give some details on the certificate in use and would also allow me to take certain actions on the certificate (like allow or tunnel). Very handy for troubleshooting.

Is there something like that in MWG7?

Thanks

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

Nope

0 Kudos
8 Replies
McAfee Employee

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

Nope

0 Kudos
cryptochrome
Level 7

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

Ah, that's too bad. Shouldn't that be fairly easy to implement, maybe in the troubleshooting section? Where could I raise a feature request?

0 Kudos
McAfee Employee

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

That seems like a good spot for it or in the SSL certificate scanning related settings (so it could automattically add a cert to a list or something).

The steps for filing a PER are outlined in this KB: https://kc.mcafee.com/corporate/index?page=content&id=KB60021 will help you file the Product Enhancment Request (PER) directly with Product Management (PM).

Best,

Jon

cnewman
Level 10

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

There is basic functionality, actually a bit similar to the 6x functionality.

If you look at the certificate verification section of the default SSL ruleset, there is a certificate whitelist. You can enter a url and it will auto fetch the cert for you and display info. You could easily copy that rule and use it to tunnel.

Image 2.png

0 Kudos
cryptochrome
Level 7

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

Interesting. What kind of list type is that? Is this non-standard, hidden list type? HostAndCertificate?

Will play with this tomorrow...

0 Kudos
cnewman
Level 10

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

Standard certificate list. You probably haven't seen one because the criteria to compare to must be a certificate too. I would checkout the rule built into the SSL ruleset and copy that rule.

0 Kudos
otruniger
Level 10

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

Thanks for that hint.

Would be very nice if some more of the important information was shown like Serialnumber, Issuer Key Identifier, Fingerprint

0 Kudos
andyclements
Level 12

Re: "Inspect SSL Certificate" feature in MWG7?

Jump to solution

Not built into the MWG, but SSL Shopper has a good tool to view certificate data: http://www.sslshopper.com/ssl-checker.html.  It has some of the data that you are looking for.

PHP has some tools that can also help, and provide more data.  I am sure there are other things that can do it as well, but that is the hammer I tend to wield when presenting things on the web.

0 Kudos