Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
0
Helpful
1
Replies

WSA: Cert Chain Issue in HTTPS Proxy

Jay Tiwari
Cisco Employee
Cisco Employee

‎01-28-2020 08:52 AM

Hi Experts,

Scenario:

I am deploying WSA with HTTPS proxy. for that

1. WSA is working as subCA.

2. Root CA is somewhere else

3. Endpoints have root CA cert

Issue:

Now when WSA sends certificate to endpoint during https proxy, it doesn't send entire chain to endpoint and thus endpoint doesn't trust certificate provided by WSA.

Any pointer to solve this issue will be highly appreciated.

Many Thanks,

˜Jay

 

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎01-28-2020 09:07 AM

You have to put the public root cert on the WSA too.
Under Network/Certificate Management, click on the Manage Trusted Root Certificates, and upload your root cert.




0 Helpful
Customers Also Viewed These Support Documents