Thank you for your reply. Would it not be good to publish this issue in KB77166 "Web Gateway 7.3.1 Known Issues"?
Do you know when a fix will be available?
I personally would say you are right but I believe the "known issues" list presents the issues that we knew about when the version was published, but it is not a "living" document that is updated whenever a new issue is found. I will check if we can update the document somehow, but I can't promise.
The issue should be fixed in builds larger than 14670, so it should be the next version that comes for or replaces 7.3.1. Unfortunately I am not aware of any timescales yet. If you are interested I can provide you with a workaround that should solve the problem for now, unfortunately it requires some tweaking on the command line and with the configuration files.
Let me know if you are interested.
In KB77166 there is the following sentence: “This article will be updated if new issues are identified post-release or if additional information becomes available.”
English is not my native language so do I misunderstand that this should be a living document?
Anyway this is not so important. I think it would be good to have a document with all known bugs at a time. Maybe this would reduce support requests.
Thank you very much for your support. An immediate fix is not necessary as 7.3.1 is only running in a test environment. I just thought it would be good to report this bug.
I really appreciate the fast response and the offer of a workaround. This is very good support!
I believe you are right. I should have read the KB article in more detail :-) I will try to talk to one or two people to see what they think. I actually cannot modify the document myself, but I try to find someone who can.
If you are running in a test environment I would leave the shipped certificate in place. Once you get an updated version you will be able to create a new certificate or import your own certificate and all should be fine. If you find out that you want the work around at a later time simply let me know.
Thank you for your efforts. It would be nice to know what happens to the KB article. Can you keep me informed please?
I think we will wait until the next official release. The UI is anyway only accessed by a limited number of System Administrators.
And again I am impressed about the good support. Nowadays this is not anymore something taken for granted.
My proposal that you do not have to edit configuration files manually:
- Install 18.104.22.168
- Import or generate your own certificate
- Update the appliance to 7.3.1
Maybe you find this article helpful to create and import your own certificate from a Microsoft CA: KB75037
It describes the process to create and import a custom SubCA certificate but the process is the same for the UI cert.
To work around the problem please perform the following steps. Please note that we will modify the MWG configuration on the command line - you should only do this if you feel a little familiar with the instructions. Mistakes can have a bad impact. Also I recommend to do this on non-production systems only (and take a backup :-)).
1.) Connect to MWG via SSH
2.) Change to the folder which contains the file we need to modify
3.) Open the file we need to modify in the editor:
4.) Find the line which needs to be changed. Once in the editor type "/" followed by:
5.) You will end up in a line that looks like this:
<key variable="ui.sslcert.key" confidential="true" minimum-public-key-length="1024">
6.) Type the "end" button on the keyboard or use cursor keys to jump to the last character of the line.
7.) Move the cursor in front of the closing ">", type "i" for insert
9.) You should have a line that looks like this now:
<key variable="ui.sslcert.key" confidential="true" minimum-public-key-length="1024" encoding="base64">
10.) Hit the "Esc" key to leave the insert mode
to save the file and exit the editor
12.) Restart MWG
service mwg restart
13.) Go to the UI, generate a new certificate again
14.) It should be good now :-)
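
Added example, not part of the thread and not vendor-supplied code: a scripted, repeatable form of the manual editor steps above, which takes the backup first, adds `encoding="base64"` to the `ui.sslcert.key` element only if it is missing, and restores the backup if the result does not verify. The thread does not name the configuration file, so its path is an argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: adds encoding="base64" to the <key variable="ui.sslcert.key" ...> line.
# Assumption: the configuration file path is supplied by the caller (not given in the thread).

KEY_VAR='ui.sslcert.key'

# Succeeds if the ui.sslcert.key element already carries encoding="base64".
has_base64_encoding() {
    grep "<key variable=\"$KEY_VAR\"" "$1" | grep -q 'encoding="base64"'
}

add_base64_encoding() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Refuse to edit unless exactly one matching element exists.
    count=$(grep -c "<key variable=\"$KEY_VAR\"" "$file" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 $KEY_VAR element, found $count" >&2; return 3; }

    if has_base64_encoding "$file"; then
        echo "already patched: $file"
        return 0
    fi

    # Backup first, then edit a copy and write it back in place so the
    # original file keeps its owner and permissions.
    cp -p "$file" "$file.bak" || return 4
    tmp=$(mktemp) || return 4
    sed "/<key variable=\"$KEY_VAR\"/ s/\"[[:space:]]*>[[:space:]]*\$/\" encoding=\"base64\">/" \
        "$file.bak" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"

    # Verify; roll back if the line did not have the expected shape.
    if has_base64_encoding "$file"; then
        echo "patched: $file (backup in $file.bak)"
    else
        cp -p "$file.bak" "$file"
        echo "edit failed, backup restored" >&2
        return 5
    fi
}

# Run only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    add_base64_encoding "$1"
fi
```

After a successful run, continue with steps 12 and 13 of the workaround (`service mwg restart`, then generate the certificate again in the UI).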