cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3519
Views
5
Helpful
3
Replies
Highlighted
Enthusiast

WSA HTTPS proxy and client certificate authentication

Hi

 

at a customers site we have a virtual WSA Proxy running with WCCP behind an ASA firewall. We only face one problem: the customer has a site which authenticates the client via certificate. This doesnt work. If i dasable the transparent proxy for thsi host, everything works fine.

I solved it now by bypassing the proxy for the spicific website. Is there another solution to allow clients to authenticate via certificates to a website ?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Hi,

Is this means that the websites (certain sites) are requesting for client certificate to authenticate during the SSL handshake?

If this is true, can you check your HTTPS option from the CLI since by default when HTTPS servers ask for client certificate during handshake, WSA will reply with certificate unavailable and the handshake normally will breaks.

To check this:

1. log in to CLI
2. Type advancedproxyconfig command
3. Type HTTPS
4. Keep pressing enter to accept default value till you reached "Action to be taken when HTTPS servers ask for client certificate during handshake:" and change it to "Pass through the transaction"

5. Keep pressing enter till reach initial prompt
6. Type commit to save the change.

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Hi,

Is this means that the websites (certain sites) are requesting for client certificate to authenticate during the SSL handshake?

If this is true, can you check your HTTPS option from the CLI since by default when HTTPS servers ask for client certificate during handshake, WSA will reply with certificate unavailable and the handshake normally will breaks.

To check this:

1. log in to CLI
2. Type advancedproxyconfig command
3. Type HTTPS
4. Keep pressing enter to accept default value till you reached "Action to be taken when HTTPS servers ask for client certificate during handshake:" and change it to "Pass through the transaction"

5. Keep pressing enter till reach initial prompt
6. Type commit to save the change.

View solution in original post

Highlighted

Thanks. Did it for me. I couldn´t find this Setting in the GUI or user guide. Good to know it is there

 

Best regards

Highlighted

I had this problem and this helped me too!!

Content for Community-Ad