03-20-2013 06:03 AM
Hello,
We are running OS ver 7.5.0 for our web security appliance. Recently, we found out that none or of PC's can activate MS Office products. We go to the website https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx and we get a certificate error. When I view the certificate, the first path on the certification path is our Ironport and it has a red X mark. The description states that, "The CA Root Certificate isnot trusted becasue it is not in the Trusted Root Certification Authorities Store." How can I resolve this issue? Any asssistance is appreciated. Thanks
Certification Path
webproxy.company.com --> red x mark
activation.sls.microsoft.com --> OK
Solved! Go to Solution.
03-20-2013 08:20 AM
There are a few ways to resolve this:
1. Under Web Security Manager/Decryption Policies create a policy to not decrypt this site (create a custom category,
2. Under Web Security Manager/Decryption Policies modify the policy you're hitting to not decrypt sites with a reputation score high enough and make sure the reputation score of this site is high enough.
3. Add the Microsoft Root Cert to your WSA. (This is what I did...)
a. Connect to the site without going through the WSA
b. Click on the lock in the website, so you can see the cert, follow the cert chain to get to the root cert. SAVE the root cert.
c. use OpenSSL to convert the root cert to PEM format (you don't need the key)
d. go to Security Services/HTTPS Proxy, and upload the cert to "Custom Root Authority Certificates" at the bottom.
(#3 is roughly equivalent to when you get a new Root Cert update from MS on your windows box... Its just that the WSA isn't download the certs automatically...)
03-20-2013 08:20 AM
There are a few ways to resolve this:
1. Under Web Security Manager/Decryption Policies create a policy to not decrypt this site (create a custom category,
2. Under Web Security Manager/Decryption Policies modify the policy you're hitting to not decrypt sites with a reputation score high enough and make sure the reputation score of this site is high enough.
3. Add the Microsoft Root Cert to your WSA. (This is what I did...)
a. Connect to the site without going through the WSA
b. Click on the lock in the website, so you can see the cert, follow the cert chain to get to the root cert. SAVE the root cert.
c. use OpenSSL to convert the root cert to PEM format (you don't need the key)
d. go to Security Services/HTTPS Proxy, and upload the cert to "Custom Root Authority Certificates" at the bottom.
(#3 is roughly equivalent to when you get a new Root Cert update from MS on your windows box... Its just that the WSA isn't download the certs automatically...)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide