cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1084
Views
0
Helpful
2
Replies

https not working?

birukgetachew
Level 1
Level 1

Hi guys, I have just deplyed Cisco Ironport web security applicance in our company. After doing that, I have got results as I expected, except https traffic. What I found was, any https traffic ( like gmail, banks... ) are showing a certificate error message. I also tried to import the certificate of the Ironport to a trusted certifiicate authorities because I am using a self signed certificate for my appliance. Any idea????

2 Replies 2

Erik Kaiser
Cisco Employee
Cisco Employee

Hi Biruk,

You will have to export the self generated HTTPS certificate and input it into each client PC that makes requests through the WSA. Typically this is done by adding the certificate into your GPO for IE into the Trusted Root Certificate Authority. Let me know if that answers your question or feel free to reply with further questions.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator

Thanks Erik,

Well, what I have done is to just allow (pass through ) option in the Ironport appliance for https traffic which I thought are safe (like web based email) and block others which might be harmful. The problem with GPO solution is that most of the computers within my environment have not joined the domain. When I found out that my https traffic was not working, I saw a certificate error in my browser. So, I tried to add the self generated certificate from the browser to my list of "Trusted Root Certificate Authorities", but I still couldn't establish the required connection. What I concluded from this was: the Ironport is trying to decrypt the encrypted traffic but it doesn't have the certificate to do so. So I let the encrypted traffic to pass through and it worked.