Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1311 Views 15 Replies Latest reply: Mar 7, 2013 10:37 AM by asabban RSS 1 2 Previous Next
sthe Newcomer 29 posts since
Mar 16, 2012
Currently Being Moderated

Mar 7, 2013 5:06 AM

User Interface Certificate Error - only in 7.3.1

Hello

 

Importing or generating a new User Interface Certificate results in the following error when changes are saved:

mwg_cert_error_7.3.1.0.png

The problem appears only in 7.3.1. Tested with JRE 7u17 and 7u9 on Windows 7 x86 and JRE 6u43 on Windows XP.

MWG Version 7.2.0.7 and 7.3.0.2 are not affected.

 

Beste Regards

 

Stefan

  • asabban McAfee SME 1,354 posts since
    Nov 3, 2009
    Currently Being Moderated
    1. Mar 7, 2013 6:02 AM (in response to sthe)
    Re: User Interface Certificate Error - only in 7.3.1

    Hello,

     

    there is a known bug that causes the problem. It will be fixed in a future version.

     

    Best,

    Andre

  • asabban McAfee SME 1,354 posts since
    Nov 3, 2009
    Currently Being Moderated
    3. Mar 7, 2013 6:22 AM (in response to sthe)
    Re: User Interface Certificate Error - only in 7.3.1

    Hello,

     

    I personally would say you are right but I believe the "known issues" list presents the issues that we knew about when the version was published, but it is not a "living" document that is updated whenever a new issue is found. I will check if we can update the document somehow, but I can't promise.

     

    The issue should be fixed in builds larger than 14670, so it should be the next version that comes for or replaces 7.3.1. Unfortunately I am not aware of any timescales yet. If you are interested I can provide you with a workaround that should solve the problem for now, unfortunately it requires some tweaking on the command line and with the configuration files.

     

    Let me know if you are interested.

     

    Best,

    Andre

  • asabban McAfee SME 1,354 posts since
    Nov 3, 2009
    Currently Being Moderated
    5. Mar 7, 2013 8:01 AM (in response to sthe)
    Re: User Interface Certificate Error - only in 7.3.1

    Hi Stefan,

     

    I believe you are right. I should have read the KB article in more detail :-) I will try to talk to one or two people to see what they think. I actually cannot modify the document myself, but I try to find someone who can.

     

    If you are running in a test environment I would leave the shipped certificate in place. Once you get an updated version you will be able to create a new certificate or import your own certificate and all should be fine. If you find out that you want the work around at a later time simply let me know.

     

    Best,

    Andre

  • DBO Apprentice 158 posts since
    Nov 4, 2009
    Currently Being Moderated
    6. Mar 7, 2013 9:04 AM (in response to asabban)
    Re: User Interface Certificate Error - only in 7.3.1

    I am «finally» building our first WW7 unit in the lab to replace our aging 6.9.1 proxy.  Since it is build on 7.3.1, what is the workaround?

     

    Thank you

  • asabban McAfee SME 1,354 posts since
    Nov 3, 2009
    Currently Being Moderated
    9. Mar 7, 2013 9:48 AM (in response to DBO)
    Re: User Interface Certificate Error - only in 7.3.1

    Hello,

     

    to work around the problem please perform the following steps. Please node that we will modify the MWG configuration on the command line - you should only do this if you feel a little familiar with the instructions. Mistakes can have a bad impact. Also I recommend to do this on non-production systems only (and take a backup :-)).

     

    So:

     

    1.) Connect to MWG via SSH

    2.) Change to the folder which contains the file we need to modify

     

    cd /opt/mwg/share/handshake/engines/

     

    3.) Open the file we need to modify in the editor:

     

    vi user_interface.xml

     

    4.) Find the line which needs to be changed. Once in the editor type "/" followed by:

     

    ui.sslcert.key

     

    5.) You will end up in a line that looks like this:

     

    <key variable="ui.sslcert.key" confidential="true" minimum-public-key-length="1024">

     

    6.) Type the "end" button on the keyboard or use cursor keys to jump to the last character of the line.

     

    7.) Move the cursor in front of the closing ">", type "i" for insert

     

    8.) Add

     

    encoding="base64"

     

    9.) You should have a line that looks like this now:

     

    <key variable="ui.sslcert.key" confidential="true" minimum-public-key-length="1024" encoding="base64">

     

    10.) Hit the "Esc" key to leave the insert mode

     

    11.) Type

     

    :wq

     

    to save the file and exist the editor

     

    12.) Restart MWG

     

    service mwg restart

     

    13.) Go to the UI, generate a new certificate again

     

    14.) It should be good now :-)

     

    Best,

    Andre

1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (2)