Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6074
Views
6
Helpful
3
Replies

WSA HTTPS proxy and client certificate authentication

Go to solution
Is101008
Level 4
Level 4

‎04-11-2015 03:18 AM

Hi

 

at a customers site we have a virtual WSA Proxy running with WCCP behind an ASA firewall. We only face one problem: the customer has a site which authenticates the client via certificate. This doesnt work. If i dasable the transparent proxy for thsi host, everything works fine.

I solved it now by bypassing the proxy for the spicific website. Is there another solution to allow clients to authenticate via certificates to a website ?

 

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎04-11-2015 09:59 PM

Hi,

Is this means that the websites (certain sites) are requesting for client certificate to authenticate during the SSL handshake?

If this is true, can you check your HTTPS option from the CLI since by default when HTTPS servers ask for client certificate during handshake, WSA will reply with certificate unavailable and the handshake normally will breaks.

To check this:

1. log in to CLI
2. Type advancedproxyconfig command
3. Type HTTPS
4. Keep pressing enter to accept default value till you reached "Action to be taken when HTTPS servers ask for client certificate during handshake:" and change it to "Pass through the transaction"

5. Keep pressing enter till reach initial prompt
6. Type commit to save the change.

View solution in original post

3 Replies 3

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎04-11-2015 09:59 PM

Hi,

Is this means that the websites (certain sites) are requesting for client certificate to authenticate during the SSL handshake?

If this is true, can you check your HTTPS option from the CLI since by default when HTTPS servers ask for client certificate during handshake, WSA will reply with certificate unavailable and the handshake normally will breaks.

To check this:

1. log in to CLI
2. Type advancedproxyconfig command
3. Type HTTPS
4. Keep pressing enter to accept default value till you reached "Action to be taken when HTTPS servers ask for client certificate during handshake:" and change it to "Pass through the transaction"

5. Keep pressing enter till reach initial prompt
6. Type commit to save the change.

Go to solution
Is101008
Level 4
Level 4
In response to Handy Putra

‎04-13-2015 01:02 AM

Thanks. Did it for me. I couldn´t find this Setting in the GUI or user guide. Good to know it is there

 

Best regards

0 Helpful

Go to solution
David Niemann
Level 3
Level 3
In response to Handy Putra

‎07-01-2015 07:05 AM

I had this problem and this helped me too!!

0 Helpful
Customers Also Viewed These Support Documents