cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
781
Views
0
Helpful
4
Replies
Highlighted

WSA Change HTTPS Certificate

Hello, everyone. I would like to change the web interface https certificate of my WSA because previous workers issued the certificate with wrong URL and therefore although everything is installed it still gives an error. I changed through CLI however nothing changed. WSA still uses old one. My question do I have to reload the ironport for changes to take effect? I haven`t tried it because I cannot stop the users system. I wanted to be sure.

 

Thanks in advance.

Everyone's tags (3)
4 REPLIES 4
Highlighted
VIP Mentor

Re: WSA Change HTTPS Certificate

For WSA management cert you can generate new certificate and install, not required reboot.

 

BB
*** Rate All Helpful Responses ***
Highlighted

Re: WSA Change HTTPS Certificate

The problem is that I setup certificate from CLI from PEM format and even imported using GUI in P12 format and chose it from CLI. However when I enter WSA it still give me the old Certificate with wrong url. I mean although I imported the certificate and selected it from CLI, it doesn`t change.

Highlighted
Beginner

Re: WSA Change HTTPS Certificate

Hello,

 

I have the same issue.

Changed the certificate using the web interface, but still getting the old one.

Did you managed to solve this issue? How?

 

Thank you,

 

João Domingues

Highlighted
Cisco Employee

Re: WSA Change HTTPS Certificate

Hello  orkhan.rustamli.96/joaodomingues,

 

Please make sure you submit and commit the details before you download the certificate.

System administration -> Https proxy ->edit settings

If you are generating a self signed certificate on the WSA, you click "Generated Certificate and Key". You get a popup where it asks for Common name, Organization, Organizational Unit etc" you fill all this up and go to the bottom of the page and submit the details and commit changes (twice). Only now the new cert will be in use. now come  back to the same page

System administration -> Https proxy ->edit settings

Now go ahead and download the certificate 

The downloaded certificate needs to be present on all users machine in the trusted certificate store of all the browsers.

 

if you need to download a certificate signing request, click download certificate signing request (CSR), take this CSR to your CA, get it signed and get a certificate. Come back to the same page and browse and upload this certificate. submit and commit the changes. Only then this new certificate will be used. In this case make sure your Root CA is present in all the user machine browsers.

 

Regards

Shikha Grover

PS: Please don't forget to rate and select as validated answer if this answered your question