5 Replies Latest reply on May 24, 2011 8:56 AM by mcafee-com-user

    MWG6.8.7 - 8378: Certifcate for Web Interface will expire

    mcafee-com-user

      Hello,

       

      the cerificate which is used when connecting to the Web Interface of MWG with ssl will expire in some days.

       

      Is there any action needed or will MWG automaticly generate a new certificate?

       

      We do not break and scan ssl-traffic with MWG.

       

      Thanks for help in advance.

       

      Best regards.

        • 1. Re: MWG6.8.7 - 8378: Certifcate for Web Interface will expire
          dstraube

          Hello,

           

          you can import or generate a new certificate under Configuration / Certificate Management / McAfee Web Gateway Root CA. If you don't have your own certificate that you want to import, you can generate a new one via the web interface (Generate New Certificate Authority). You might need to restart the webwasher-csm service so that the change becomes active.

           

          The certificate will be used for the Web Interface when you connect via HTTPS. If your existing certificate expires your browser will give you a warning when you try to access it, even if you don't use the SSL Scanner.

           

          Regards,

           

          Dirk

          • 2. Re: MWG6.8.7 - 8378: Certifcate for Web Interface will expire
            mcafee-com-user

            Hello Dirk,

             

            thanks for quick reply.

             

            The McAfee Web Gateway Root CA certificate expires 25.03.2025. So we don´t think we have to generate a new one. The certificate which is used when connecting to Web Interface via HTTPS is valid  from

             

            28.05.2010 / 7:52:24 GMT

             

            till

             

            28.05.2011 / 7:52:24 GMT.

             

            We did not generate this certificate by ourself

             

            That´s why we think this is generated automaticly by MWG.

             

            We can wait till monday and look what will happen.

             

            mwg_certificate.jpg

             

            on 24.05.11 13:14:06 MESZ

             

            Nachricht geändert durch mcafee-com-user on 24.05.11 13:15:00 MESZ
            • 3. Re: MWG6.8.7 - 8378: Certifcate for Web Interface will expire
              dstraube

              Hello,

               

              as far as I know a default certificate is created during a fresh installation of MWG. This is just an example and it is recommended to create your own Root CA. I think there is even a warning on the Overview page (System Alerts) about this. It should look like "The default root certificate is used by SSL Scanner. In order to avoid security problems create your own certificate".

               

              As you don't use the SSL Scanner it's not a big deal and you could still use the old one. When you visit the GUI on Monday the webbrowser will issue a certificate warning, stating "Outdated Information". You can then opt to trust this anyway and everything will work as before.

               

              Regards,

               

              Dirk

              • 4. Re: MWG6.8.7 - 8378: Certifcate for Web Interface will expire
                dstraube

                Sorry,

                 

                just checked on an appliance. If you use the default CA and it expires MWG will automatically create a new one for you. You still get a notification from your browser, because the certificate has changed and you need to confirm that one. The same applies if you use the SSL Scanner with the default CA.

                 

                Regards,

                 

                Dirk

                • 5. Re: MWG6.8.7 - 8378: Certifcate for Web Interface will expire
                  mcafee-com-user

                  Hello Dirk,

                   

                  thank you very much for your help and support,

                   

                  Best regards.