3 Replies Latest reply on Mar 17, 2016 8:49 AM by lnurmi

    Certificate issue in NGFW

    snikhil03

      we configured URL filtering with SSL Inspection.

      We have an internal certificate authority and the same has been configured on the NGFW so that the internal users can trust

      Certificate validity is for 2 years.

      But we see a strange case that when we try to access https://www/google.com ,it gives a cert_date_error and the page does not open.

      This happens for google and facebook.

      When we click on the certificate it shows the current date !!(the start date and end date is the same) ..it keeps changing on everyday

       

      can someone help me on this?

        • 1. Re: Certificate issue in NGFW
          lnurmi

          Hi,

           

          I'm not sure why it would give a date error, but as it only happens with Google and Facebook this could be related to an SSL decryption issue. These sites, plus a growing number of others, use a TLS extension called SPDY. Prior to version 5.9, the firewall could not decrypt such TLS traffic.

           

          If running an older version it might be a good idea to first upgrade to 5.10. This requires that SMC is running 5.10 too.

           

          BR,

          Lauri

          • 2. Re: Certificate issue in NGFW
            snikhil03

            We are using 5.9.2 .

            • 3. Re: Certificate issue in NGFW
              lnurmi

              I'd check the certificate, is it issued by the client protection CA defined on firewall or something else. If it's something else, it could even be caused by Avast or Kaspersky etc doing some HTTPS inspection in the PC itself.

               

              Might be best to open a support ticket if it's not caused by some software on the client PC, though in that case 5.10.2 would be preferable to 5.9.2 so you might want to upgrade first.

               

              -Lauri