in MWG6 we had an option in the SSL Scanner settings that would allow me to inspect a SSL certificate on the fly. I would just enter the URL of the destination and MWG would give some details on the certificate in use and would also allow me to take certain actions on the certificate (like allow or tunnel). Very handy for troubleshooting.
Is there something like that in MWG7?
Solved! Go to Solution.
Ah, that's too bad. Shouldn't that be fairly easy to implement, maybe in the troubleshooting section? Where could I raise a feature request?
That seems like a good spot for it or in the SSL certificate scanning related settings (so it could automattically add a cert to a list or something).
The steps for filing a PER are outlined in this KB: https://kc.mcafee.com/corporate/index?page=content&id=KB60021 will help you file the Product Enhancment Request (PER) directly with Product Management (PM).
There is basic functionality, actually a bit similar to the 6x functionality.
If you look at the certificate verification section of the default SSL ruleset, there is a certificate whitelist. You can enter a url and it will auto fetch the cert for you and display info. You could easily copy that rule and use it to tunnel.
Interesting. What kind of list type is that? Is this non-standard, hidden list type? HostAndCertificate?
Will play with this tomorrow...
Standard certificate list. You probably haven't seen one because the criteria to compare to must be a certificate too. I would checkout the rule built into the SSL ruleset and copy that rule.
Thanks for that hint.
Would be very nice if some more of the important information was shown like Serialnumber, Issuer Key Identifier, Fingerprint
Not built into the MWG, but SSL Shopper has a good tool to view certificate data: http://www.sslshopper.com/ssl-checker.html. It has some of the data that you are looking for.
PHP has some tools that can also help, and provide more data. I am sure there are other things that can do it as well, but that is the hammer I tend to wield when presenting things on the web.