https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974869#M7002 <P>Hi Ravi,</P> <P>Thanks for the reply.</P> <P>It seems to be happening with all sites that I access under the .austfoot.com.au domain.&nbsp;</P> <P>Another example is <A href="https://connx.austfoot.com.au" target="_blank">https://connx.austfoot.com.au</A> as soon as I go through the WSA I get the SSL error.</P> Wed, 11 Jan 2017 20:19:26 GMT andrei.goutnik 2017-01-11T20:19:26Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974865#M6998 <P>I am having an issue with Cisco Web Security Appliance (S380), accessing https websites.</P> <P>Specifically when trying to access our webmail website i get an error "ERR_SSL_PROTOCOL_ERROR" when running through the Cisco WSA.&nbsp;</P> <P>The website is <A href="https://webmail.austfoot.com.au" target="_blank">https://webmail.austfoot.com.au</A> we have a SSL certificate from DigiCert and i have added the *.austfoot.com.au domain to be bypassed in WSA however i still get the error.</P> <P></P> <P>Works fine if not going through the WSA.</P> <P></P> <P>It used to work fine, however the Appliance was updated to the latest update and now it has stopped working. I thought i just needed to load the certificate into "Certificate Management" under trusted root, however that didnt work.</P> Mon, 09 Jan 2017 22:35:42 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974865#M6998 andrei.goutnik 2017-01-09T22:35:42Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974866#M6999 <P>Can you post some of the logs from the access logs when the site is accessed?</P> Tue, 10 Jan 2017 01:45:45 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974866#M6999 David Niemann 2017-01-10T01:45:45Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974867#M7000 <P>Would it be the following?</P> <P></P> <PRE class="prettyprint">1483928012.640 1 10.1.1.59 TCP_MISS/502 39 CONNECT tunnel://webmail.austfoot.com.au:443/ - DIRECT/webmail.austfoot.com.au - PASSTHRU_WEBCAT_7-DefaultGroup-AFL_Active_Directory-NONE-NONE-NONE-DefaultGroup &lt;IW_sprt,0.0,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_sprt,-,"-","-","Unknown","Unknown","-","-",312.00,0,-,"-","-",-,"-",-,-,"-","-"&gt; - 1483928012.645 4 10.1.1.59 TCP_MISS/502 39 CONNECT tunnel://webmail.austfoot.com.au:443/ - DIRECT/webmail.austfoot.com.au - PASSTHRU_WEBCAT_7-DefaultGroup-AFL_Active_Directory-NONE-NONE-NONE-DefaultGroup &lt;IW_sprt,0.0,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_sprt,-,"-","-","Unknown","Unknown","-","-",78.00,0,-,"-","-",-,"-",-,-,"-","-"&gt; -</PRE> Tue, 10 Jan 2017 06:05:44 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974867#M7000 andrei.goutnik 2017-01-10T06:05:44Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974868#M7001 <P>You are getting this error only for this URL or whenever you are accessing any https site?</P> <P>In Some cases, SSL state may blok your connection and show you this error. Try to clear SSL state</P> <P></P> Wed, 11 Jan 2017 15:25:29 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974868#M7001 Ravi Singh 2017-01-11T15:25:29Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974869#M7002 <P>Hi Ravi,</P> <P>Thanks for the reply.</P> <P>It seems to be happening with all sites that I access under the .austfoot.com.au domain.&nbsp;</P> <P>Another example is <A href="https://connx.austfoot.com.au" target="_blank">https://connx.austfoot.com.au</A> as soon as I go through the WSA I get the SSL error.</P> Wed, 11 Jan 2017 20:19:26 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/2974869#M7002 andrei.goutnik 2017-01-11T20:19:26Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/3943665#M8835 <P>pertanyaan saya yang ingin saya tanyakan karena kasus yang saya alami hampir sama di ip menuju website <A href="https://www.pekalongan-news.com/" target="_self">Pekalongan news</A></P> Sat, 19 Oct 2019 01:51:48 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/3943665#M8835 jonianggara65839 2019-10-19T01:51:48Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4004609#M8920 <P>Hello&nbsp;<SPAN class=""><A id="link_13" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.cisco.com/t5/user/viewprofilepage/user-id/107895" target="_self">andrei.goutnik</A>,</SPAN></P> <P>&nbsp;</P> <P><SPAN class="">The domain you have mentioned is not being bypassed. I think you added ".austfoot.com.au" to the bypass settings on the WSA when you says you have bypassed it however you have an explicit setup ( either PAC file, Hostname/Ip of the WSA in the browser). Bypass settings on the WSA work only with the Transparent setup (wccp). Please bypass this domain on the PAC file or on the browser it self. you cannot bypass it on the WSA. you can try to make a custom url category also and allow /passthrough it in access/decryption policy and check if it works. If it doesn't then you have bypass it for sure.&nbsp;</SPAN></P> <P>&nbsp;</P> <P>Regards</P> <P>Shikha Grover</P> <P>PS: Please don't forget to rate and select as validated answer if this answered your question</P> Mon, 30 Dec 2019 05:11:36 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4004609#M8920 shgrover 2019-12-30T05:11:36Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4631158#M10136 <P>I cant visit half of the <A href="https://potteryandcrafting.com/best-pottery-wheels-for-beginners/" target="_self">website</A>&nbsp;on the internet. The connection is not sure on half of the websites. Anyone know the solution to this?</P> Mon, 13 Jun 2022 23:51:18 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4631158#M10136 jameslehner992 2022-06-13T23:51:18Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4632037#M10141 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1366503">@jameslehner992</a>&nbsp;</P> <P>kindly share with us more details about your issue.</P> <P>you can brows some https and can not brose some https site ( approximately 50%-50%)&nbsp;</P> <P>if so please share the output of sslconfig &gt; versions from CLI and some lines of access logs from blocked URLs and allowed URLs&nbsp;</P> Tue, 14 Jun 2022 20:39:10 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4632037#M10141 amojarra 2022-06-14T20:39:10Z https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4632042#M10142 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/107895">@andrei.goutnik</a>&nbsp;</P> <P>I can see HTTP 502 from your accesslog which is Bad gateway.&nbsp;</P> <P>If you done the steps&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/137215">@shgrover</a>&nbsp; mentioned and still get 502 from accesslogs,&nbsp;could you please capture packet from WSA filter for your client IP and your server IP , try to reproduce the issue and share the PCAP.</P> <P>to do this check page 569 userguide :&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0.pdf" target="_blank">User Guide for AsyncOS 14.0 for Cisco Web Security Appliances - GD (General Deployment)</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Kindly note that I can not open the URL :&nbsp;<A href="https://webmail.austfoot.com.au/" target="_blank">https://webmail.austfoot.com.au</A>&nbsp;from my computer and I get :&nbsp;<SPAN>ERR_CONNECTION_TIMED_OUT</SPAN></P> <P>&nbsp;</P> <P><SPAN>also I can not resolve&nbsp;austfoot.com.au&nbsp;</SPAN></P> <P>&nbsp;</P> <P>thanks&nbsp;&nbsp;</P> <P>&nbsp;</P> Tue, 14 Jun 2022 20:47:27 GMT https://community.cisco.com/t5/web-security/https-error-on-websites/m-p/4632042#M10142 amojarra 2022-06-14T20:47:27Z