Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2887
Views
10
Helpful
4
Replies

WSA HTTPS Proxy Problem

ngtransge
Level 1
Level 1

‎07-02-2014 11:30 AM

Hello,

 

I have fresh install of WSA 8.0.5 and HTTPS proxy isn't working. HTTPS proxy is enabled, and I have tried both uploaded root certificate and generated on locally. Basically HTTP proxy is working. But I am unable to open HTTPS web sites.

Also there is strange behavior with browsers, IE, Chrome and FF are unable to open HTTP sites. But Maxthon is working.

When I use Policy trace, it show that is successfully process https traffic.

 

What can be problem, and how can I trouble shoot this problem ?

 

Thanks in advance,

Labels:
0 Helpful
4 Replies 4

Alexsandro Reimann
Level 1
Level 1

‎07-03-2014 02:48 PM

Hi ngtransge,

    About HTTPS traffic, do you have any Decryption Police applied at WSA? HTTP traffic is matching the expected Access Policy? The WSA it's fully licensed?

 

Best regards,

 

Alexsandro Reimann.

kushsriva
Level 1
Level 1

‎07-10-2014 04:58 AM

Hi,

 

Are you using Self signed certificate on the WSA? If yes then you would have to download the WSA certificate and install it on the client machines so that they trust the WSA and allow HTTPS connections to it.

 

Make sure you place the certificate under the "Trusted Root Certificate Authorities"

 

Regards,

Kush

ngtransge
Level 1
Level 1
In response to kushsriva

‎07-14-2014 01:06 PM

Hello,

 

I am using demo WSA, and it has temporary license. 

 

I have generated self signet certificate, and imported on clients root ca store.

HTTP traffic is matched in access policies, but HTTPS didn't working. 

hire is https debug:

 

 

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:37 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:37 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:37 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:38 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:38 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:38 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:39 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:39 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:39 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

 

 

What can be problem ?

 

 

0 Helpful

Alexsandro Reimann
Level 1
Level 1
In response to ngtransge

‎07-14-2014 05:56 PM

Hi ngtransge,

 

       The certificate at WSA has 1024bits sha1? Normally windows clients drop the SSL handshake with certificates lower than 1024bits. The failure at SSL could indicate this kind of problem, since you already installed the certificate at clients desktops.

 

Rate successful replies, 

Alexsandro Reimann.

0 Helpful
Top