Ironport Secure SSL credential authentication problem

Justin Westover
Level 1

We are using ironport as our web security appliance. I have enabled credential encryption under the network ---> authentication tabs. In order for this feature to work, you must have a valid certificate installed under the authentication tab. So I created a cert request and took that cert request and went to godaddy.com and got myself a 3rd party certificate. My thinking was, this way I would not receive cert errors on iPads/iPhones, etc. I did it this way because those mobile devices do not have our internal corporate root certificate but they do have the trusted root certificate for godaddy. So I got my cert from godaddy and updated the cert and the key file to ironport.

Well now everything works great except for iPhones/iPads. All the Windows devices don't have any issues. All of the iPads/iPhones have cert errors before a user is presented with the authentication prompt. The cert error just says that it can't validate the identity of the cert?! I looked it up and the iPads/iPhones have the godaddy root cert installed.

The CN for the cert I created is called ironport. The redirect hostname on ironport is "ironport" (no quotes). So everything should match up and work. Does anyone have any clue of what I'm missing here?


Erik Kaiser
Cisco Employee

Hi Justin,

I would recommend that you open a support case with WSA support.

Erik K.

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator

I'm going to bet that you installed the cert you were issued from GoDaddy, but not the intermediate ones that Go Daddy uses. IIRC, you can concatenate them, either just by copying the pieces all to one file, or there's a routine in OpenSSL that will roll it all together for you.... E.g. you want to put the whole chain on the WSA, not just your server cert....

Sent from Cisco Technical Support iPad App
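
The point made in the reply above (serve the whole chain, not just the server certificate), as an added example that is not part of the original thread: it builds a constructed root, intermediate and server certificate with OpenSSL, then validates a leaf-only file and a concatenated chain the way a client that trusts only the root would. All certificate names and file names are made up for the demo.

```shell
# Added example: every name, key and certificate here is constructed for the demo.
# Create a throwaway root CA, intermediate CA and server cert in directory $1.
make_demo_pki() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
EOF
    for n in root inter server; do
        openssl req -new -newkey rsa:2048 -nodes -config "$dir/demo.cnf" \
            -subj "/CN=demo-$n" -keyout "$dir/$n.key" -out "$dir/$n.csr" \
            2>/dev/null || return 1
    done
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
        -extfile "$dir/demo.cnf" -extensions ca -out "$dir/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -set_serial 2 -days 2 -extfile "$dir/demo.cnf" \
        -extensions ca -out "$dir/inter.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/inter.pem" \
        -CAkey "$dir/inter.key" -set_serial 3 -days 2 \
        -out "$dir/server.pem" 2>/dev/null
}

# Concatenate certificates into one PEM file ($1), server certificate first.
build_chain() { out=$1; shift; cat "$@" > "$out"; }

# Act as a client that trusts only the root ($1). The first certificate in the
# served file ($2) is the one verified; the rest of the file is only offered as
# untrusted helpers, which is how intermediates sent by a server are treated.
served_chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

d=$(mktemp -d) && make_demo_pki "$d" || exit 1
build_chain "$d/leaf_only.pem" "$d/server.pem"
build_chain "$d/fullchain.pem" "$d/server.pem" "$d/inter.pem"
for f in leaf_only fullchain; do
    if served_chain_ok "$d/root.pem" "$d/$f.pem"; then echo "$f: trusted"
    else echo "$f: NOT trusted"; fi
done
rm -rf "$d"
```

Clients that have cached the intermediate from another source can validate the leaf-only file anyway, which is one way a missing intermediate can go unnoticed on some devices and fail on others.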

techtone
Level 1

Justin,

Did you ever get an answer from Ironport about this issue? I am up against the same thing right now with the deployment of iPads in my school district. I am currently using the Ironport self-signed cert which is fine for Windows clients. I want to know that the GoDaddy cert will work for the iPads before I go through the hassle of purchasing and installing the cert. Thanks

Tony
