https://community.cisco.com/t5/web-security/problem-about-certificate-on-cisco-wsa/m-p/3386804#M7809 <DIV id="noteView" class="NoteView lia-note-view-display lia-note-source-outbox lia-note-unread lia-unread lia-component-notes-widget-note-view lia-component-note"> <DIV class="lia-quilt lia-quilt-private-notes-item lia-quilt-layout-single-row-full"> <DIV class="lia-quilt-row lia-quilt-row-main"> <DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single lia-quilt-column-main-content"> <DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"> <DIV class="lia-note-content"> <DIV class="lia-note-subject lia-component-subject">&nbsp;</DIV> <DIV class="lia-note-body lia-component-body"> <P>Problem about certificate on Cisco WSA</P> <P>&nbsp;</P> <P>I implement transparency proxy and enable https proxy</P> <P><SPAN>When I browse to the device in Internet Explorer (https://%FQDN%), I get a 'Problem with this website's security certificate' error because the appliance is using the Demo Appliance cert for the web interface.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P>I&nbsp;use to test by sign certificate by local CA Server and install on WSA (Trust cert with cert domain) , It’s work</P> <P>But Guest devices which not join domain not work.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I&nbsp;will use public cert solution for fix issue? or you have solution to fix this Issue?</P> <P><SPAN>PS.How solution solve this problem by not install cert at client, Because i can't install certificate to all client and guest.</SPAN></P> <P>&nbsp;</P> <P><SPAN>&nbsp;</SPAN></P> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> Sat, 09 Mar 2019 03:44:59 GMT NUTNICHA PIYANIJDUMRONG 2019-03-09T03:44:59Z https://community.cisco.com/t5/web-security/problem-about-certificate-on-cisco-wsa/m-p/3386804#M7809 <DIV id="noteView" class="NoteView lia-note-view-display lia-note-source-outbox lia-note-unread lia-unread lia-component-notes-widget-note-view lia-component-note"> <DIV class="lia-quilt lia-quilt-private-notes-item lia-quilt-layout-single-row-full"> <DIV class="lia-quilt-row lia-quilt-row-main"> <DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single lia-quilt-column-main-content"> <DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"> <DIV class="lia-note-content"> <DIV class="lia-note-subject lia-component-subject">&nbsp;</DIV> <DIV class="lia-note-body lia-component-body"> <P>Problem about certificate on Cisco WSA</P> <P>&nbsp;</P> <P>I implement transparency proxy and enable https proxy</P> <P><SPAN>When I browse to the device in Internet Explorer (https://%FQDN%), I get a 'Problem with this website's security certificate' error because the appliance is using the Demo Appliance cert for the web interface.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P>I&nbsp;use to test by sign certificate by local CA Server and install on WSA (Trust cert with cert domain) , It’s work</P> <P>But Guest devices which not join domain not work.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I&nbsp;will use public cert solution for fix issue? or you have solution to fix this Issue?</P> <P><SPAN>PS.How solution solve this problem by not install cert at client, Because i can't install certificate to all client and guest.</SPAN></P> <P>&nbsp;</P> <P><SPAN>&nbsp;</SPAN></P> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> Sat, 09 Mar 2019 03:44:59 GMT https://community.cisco.com/t5/web-security/problem-about-certificate-on-cisco-wsa/m-p/3386804#M7809 NUTNICHA PIYANIJDUMRONG 2019-03-09T03:44:59Z https://community.cisco.com/t5/web-security/problem-about-certificate-on-cisco-wsa/m-p/3387855#M7810 When you say "Browse to device" do you mean when you browse to the WSA's management interface?<BR /><BR />That cert could be a cert from a public vendor.<BR /><BR /><BR /><BR />If you mean you're going to other servers on the internet, you don't have a choice, you MUST install the root or the signing cert itself on the clients.<BR /><BR /><BR /><BR />OR<BR /><BR /><BR /><BR />Build a policy that doesn't decrypt for those stations that aren't domain joined.<BR /><BR /><BR /><BR /><BR /> Wed, 23 May 2018 17:52:08 GMT https://community.cisco.com/t5/web-security/problem-about-certificate-on-cisco-wsa/m-p/3387855#M7810 Ken Stieers 2018-05-23T17:52:08Z https://community.cisco.com/t5/web-security/problem-about-certificate-on-cisco-wsa/m-p/3388109#M7811 <P>Thank you. I understood.</P> Thu, 24 May 2018 02:43:12 GMT https://community.cisco.com/t5/web-security/problem-about-certificate-on-cisco-wsa/m-p/3388109#M7811 NUTNICHA PIYANIJDUMRONG 2018-05-24T02:43:12Z