12-09-2019 10:34 AM
I need to update the https web proxy decryption certificate. We use an internal Microsoft Windows CA that is integrated in active directory. You can get the root CA by running mmc.exe and adding the certificates snap in, or we can go to our internal Microsoft /certsrv page and download the root CA there as well.
However in the Security Services > HTTPS Proxy, it does not allow you to proceed if you just attach the .cer file in the Use Uploaded Certificate and Key. It is complaining to "Please specify a file to upload." next to the Key field.
Where does one get such a "key"? I could understand in a unix based system a server certificate would be generated against a key, but we are talking about a ROOT certificate here.
Currently the cert loaded in expired November 25th. Though we have no interruption. If you go to a popular site like amazon for example and look at the certificate chain of trust, the root cert shows our current internal CA cert as the parent which expires in 2024.
So while we have no outages at this point, we had to disable the severe web proxy email alerts to stop the nag email from telling us a cert is expired. Rather than band aid it, I'd rather have server alerts turned on.
12-10-2019 08:33 AM
12-10-2019 09:49 AM
12-12-2019 08:04 AM
The CA is Windows Server 2012 R2. I just don't recall ever seeing anything in one of the certificate mmc snapins to export a key. I'll poke around on there.
I wish the WSA would just be updated to not require it. Nothing is broken at all. We are seeing all the popular https sites all signed by our Domain-CA as the parent, and in the browser its showing it doesn't expire until 2024. So even though in the WSA it thinks the cert is expired, its still using the new one anyway.
We just wanted to eliminate the alerts so I can turn back on email alerting for critical events for WebProxy.
12-18-2019 07:27 AM
I can't find where in Windows Server 2012 R2 you can export a "key" for the domain's root CA. Any ideas?
12-18-2019 07:42 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide