Certificate Error on WSA

Kanes Ramasamy
Level 1

Hi All,

I need some advice on the errors that I am getting when accessing www.news.google.com. The web page loads fine, but the images on the website do not load. I believe the issue may be related to the certificate. The URL www.news.google.com uses the certificate *google.com but the images use the certificate www.google.com, and that seems to be the reason why the images are not loading. The images are fetched from https://t3.gstatic.com/, which is Google's dedicated URL for images, CSS and Java. Please assist on how to fix this issue.

Your help is much appreciated. 

Thanks and Regards,

Kanes.R

3 Replies

Handy Putra
Cisco Employee

Hi Kanes,

I would suggest using 'grep' on the access logs from the WSA CLI to see the destination, or to see all the traffic being handled by the WSA for news.google.com and what actions were taken, and go from there.

To grep the access logs for an entry, SSH into the WSA and run the following command from the CLI:
1. Grep
2. Enter the number of the log you wish to grep: 1 (for access logs)
3. Enter the regular expression to grep: <client IP>
4. Do you want this search to be case insensitive?: Y
5. Do you want to search for non-matching lines? [N]> N
6. Do you want to tail the logs?: Y
7. Do you want to paginate the output?: N

Hi Handy,

Thanks for the guidance on the log collection. Below is what I am seeing when the website that is not working is being accessed:

DECRYPT_ADMIN-INVALID_CERT_7

I believe there is a certificate issue but still not able to identify the fault. 

Any idea?

Regards,

Kanes.R

For some reason, sometimes the WSA has an issue with an intermediate cert/cert chain.  You can upload the intermediate and/or root to clear it up.

Go to the site using a browser that isn't behind the WSA. Click on the lock in the address bar so it shows you the cert. View the cert chain and save the intermediate and root certs as base64 files. Go to the GUI on the WSA, Network/Certificate Management/Manage Root Certs, and upload these two certs.

Once uploaded, check the On Cisco List column.  If it says yes you can delete that one...  submit/commit
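
The access log check and the `INVALID_CERT` tag discussed in this thread, as an added example that is not part of any reply: a Python script that tallies which destination hosts received an `INVALID_CERT` decision in exported access log lines, so it is clear whose certificate chain needs inspecting. The log lines are constructed in a simplified Squid-style layout; the `tunnel://host:443/` form, the client IPs, the policy group name and `example.test` are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (assumed, simplified layout); real WSA access
# log fields depend on the log format configured on the appliance.
SAMPLE_LOG = """\
1500000001.101 45 10.1.1.20 TCP_MISS_SSL/200 5120 CONNECT tunnel://news.google.com:443/ - DIRECT/news.google.com - DECRYPT_WEBCAT_7-DefaultGroup <->
1500000001.350 12 10.1.1.20 TCP_DENIED_SSL/403 0 CONNECT tunnel://t3.gstatic.com:443/ - NONE/- - DECRYPT_ADMIN-INVALID_CERT_7-DefaultGroup <->
1500000001.910 11 10.1.1.20 TCP_DENIED_SSL/403 0 CONNECT tunnel://t3.gstatic.com:443/ - NONE/- - DECRYPT_ADMIN-INVALID_CERT_7-DefaultGroup <->
1500000002.400 15 10.1.1.33 TCP_DENIED_SSL/403 0 CONNECT tunnel://example.test:443/ - NONE/- - DECRYPT_ADMIN-INVALID_CERT_7-DefaultGroup <->
"""

# Decision tag such as DECRYPT_ADMIN-INVALID_CERT_7 (the value seen in the thread).
TAG_RE = re.compile(r"\b([A-Z]+(?:_[A-Z]+)*-INVALID_CERT_\d+)")
# Destination host taken from a tunnel:// or http(s):// request target.
HOST_RE = re.compile(r"(?:tunnel|https?)://([^/:\s]+)")


def invalid_cert_hosts(lines, client_ip=None):
    """Return {host: {decision_tag: count}} for lines with an INVALID_CERT tag.

    If client_ip is given, only lines containing that exact field are counted,
    mirroring the grep on <client IP> described in the thread.
    """
    hits = defaultdict(Counter)
    for line in lines:
        if client_ip and client_ip not in line.split():
            continue
        tag = TAG_RE.search(line)
        host = HOST_RE.search(line)
        if tag and host:
            hits[host.group(1).lower()][tag.group(1)] += 1
    return {host: dict(tags) for host, tags in hits.items()}


if __name__ == "__main__":
    for host, tags in invalid_cert_hosts(SAMPLE_LOG.splitlines(), "10.1.1.20").items():
        for tag, count in tags.items():
            print(f"{host}: {tag} x{count}")
```

The hosts it reports are the ones whose served chain should be viewed from a browser that is not behind the WSA when collecting the intermediate and root certificates.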