Solved: Re: Problem about certificate on Cisco WSA

NUTNICHA PIYANIJDUMRONG · ‎05-22-2018

Problem about certificate on Cisco WSA

I implement transparency proxy and enable https proxy

When I browse to the device in Internet Explorer (https://%FQDN%), I get a 'Problem with this website's security certificate' error because the appliance is using the Demo Appliance cert for the web interface.

I use to test by sign certificate by local CA Server and install on WSA (Trust cert with cert domain) , It’s work

But Guest devices which not join domain not work.

I will use public cert solution for fix issue? or you have solution to fix this Issue?

PS.How solution solve this problem by not install cert at client, Because i can't install certificate to all client and guest.

Ken Stieers · ‎05-23-2018

When you say "Browse to device" do you mean when you browse to the WSA's management interface?

That cert could be a cert from a public vendor.

If you mean you're going to other servers on the internet, you don't have a choice, you MUST install the root or the signing cert itself on the clients.

OR

Build a policy that doesn't decrypt for those stations that aren't domain joined.

View solution in original post

Ken Stieers · ‎05-23-2018

When you say "Browse to device" do you mean when you browse to the WSA's management interface?

That cert could be a cert from a public vendor.

If you mean you're going to other servers on the internet, you don't have a choice, you MUST install the root or the signing cert itself on the clients.

OR

Build a policy that doesn't decrypt for those stations that aren't domain joined.

NUTNICHA PIYANIJDUMRONG · ‎05-23-2018

Thank you. I understood.