[NOTABUG] [7.350] Certificate error when i browse all HTTPS sites

[NathanPConvergent]

Anytime I browse an HTTPS site when the HTTPS scanning is on I get the "There is a problem with this sites security certificate" error. Attached is a screenshot showing this in greater detail.

[trollvottel]

You have to download the CA-Certificate from the ASG into your browser first. This means you have trust the ASG so it can act as "man-in-the-middle".

[tom]

To "repair" the chain of trust when using HTTPS scanning, the client browser must trust the "Signing CA" of the proxy. This CA can be managed at "HTTP/S Proxy".

Three options are available to get the public "Signing CA" certificate installed into the client browsers (or in the case of IE, Window's certificate management):

a) Have clients visit the URL "http://passthrough.fw-notify.net/cacert.pem". This will trigger certificate installation. The process varies from browser to browser.

b) Download the "Signing CA" in PEM format in WebAdmin (HTTP/S Proxy -> HTTPS CAs), then distribute it to clients using AD group policies (good for MS shops).

c) Have clients visit the End User Portal. It has a new menu entry "HTTPS proxy" which features a single button to install the "Signing CA".

[BrucekConvergent]

Yeah, I tried it... still have problems, but Tom has a PM with the details... may be a bug with something other than the certificate itself... good to know about the end-user portal option.

[warper]

So is this not working properly? When I tried this procedure it seemed to work. The issue is that after I do it I can no longer get back into the webadmin while https proxy is on and I use the proxy. I keep getting this.

(Error code: ssl_error_bad_cert_domain

I accept the cert but can't login into the webadmin. I than have to turn the proxy off on the browser to get into webadmin.