cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
914
Views
0
Helpful
1
Replies

Certificate Error

sobrien
Level 1
Level 1

Hello,

We are running OS ver 7.5.0 for our web security appliance. Recently, we found out that none or of PC's can activate MS Office products. We go to the website https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx and we get a certificate error. When I view the certificate, the first path on the certification path is our Ironport and it has a red X mark. The description states that, "The CA Root Certificate isnot trusted becasue it is not in the Trusted Root Certification Authorities Store." How can I resolve this issue? Any asssistance is appreciated. Thanks

Certification Path

webproxy.company.com --> red x mark

    activation.sls.microsoft.com --> OK

1 Accepted Solution

Accepted Solutions

There are a few ways to resolve this:

1. Under Web Security Manager/Decryption Policies create a policy to not decrypt this site (create a custom category,

2. Under Web Security Manager/Decryption Policies modify the policy you're hitting to not decrypt sites with a reputation score high enough and make sure the reputation score of this site is high enough.

3. Add the Microsoft Root Cert to your WSA. (This is what I did...) 

     a.  Connect to the site without going through the WSA

     b. Click on the lock in the website, so you can see the cert, follow the cert chain to get to the root cert.  SAVE the root cert.

     c. use OpenSSL to convert the root cert to PEM format (you don't need the key)

     d. go to Security Services/HTTPS Proxy, and upload the cert to "Custom Root Authority Certificates" at the bottom. 

(#3 is roughly equivalent to when you get a new Root Cert update from MS on your windows box... Its just that the WSA isn't download the certs automatically...)

View solution in original post

1 Reply 1

There are a few ways to resolve this:

1. Under Web Security Manager/Decryption Policies create a policy to not decrypt this site (create a custom category,

2. Under Web Security Manager/Decryption Policies modify the policy you're hitting to not decrypt sites with a reputation score high enough and make sure the reputation score of this site is high enough.

3. Add the Microsoft Root Cert to your WSA. (This is what I did...) 

     a.  Connect to the site without going through the WSA

     b. Click on the lock in the website, so you can see the cert, follow the cert chain to get to the root cert.  SAVE the root cert.

     c. use OpenSSL to convert the root cert to PEM format (you don't need the key)

     d. go to Security Services/HTTPS Proxy, and upload the cert to "Custom Root Authority Certificates" at the bottom. 

(#3 is roughly equivalent to when you get a new Root Cert update from MS on your windows box... Its just that the WSA isn't download the certs automatically...)