cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
nashcoop
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 2
‎05-04-2020 05:28 AM

SSL inspection causing certificate issues with web developer tools

Jump to solution

We're running into a problem with SSL inspection causing certificate issues with some of our web developer tools like Ubuntu when it makes calls on port 443.  MWG reporting doesn't seem to recognize these problems, and I'm usually able to workaround it by adding the hostname (after the end user tells me what it is) it's calling out to into the MCP bypass list or whitelisting it on the gateway, however I'd like to know if there's a way to fix the problem on the front end in the web developer tools.  Perhaps importing the certificate into them?  Any help would be appreciated. 

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Accepted Solutions
aloksard
Employee
Employee
Report Inappropriate Content
Message 2 of 2
‎05-05-2020 11:01 AM

Re: SSL inspection causing certificate issues with web developer tools

Jump to solution

Hi,

Hope you are doing well.

 

When MWG doing SSL inspection , in that case MWG generates a certificate on the fly for the HTTPS website requested, so if the client is not able to trust that certificate then SSL handshake fails and you can see Unknown CA/CERT_AUTHORITY_INVALID kind of errors.  You can take a packet capture or check for any log at client side to confirm on the same.  If yes then importing the certificate into them will help.

 

When you bypass SSL inspection in that case SSL handshake happens directly between client and destination server and certificate is received from actual destination server which the client side is successfully able to trust.

 

Regards

Alok Sarda

View solution in original post

0 Kudos
Reply
1 Reply
aloksard
Employee
Employee
Report Inappropriate Content
Message 2 of 2
‎05-05-2020 11:01 AM

Re: SSL inspection causing certificate issues with web developer tools

Jump to solution

Hi,

Hope you are doing well.

 

When MWG doing SSL inspection , in that case MWG generates a certificate on the fly for the HTTPS website requested, so if the client is not able to trust that certificate then SSL handshake fails and you can see Unknown CA/CERT_AUTHORITY_INVALID kind of errors.  You can take a packet capture or check for any log at client side to confirm on the same.  If yes then importing the certificate into them will help.

 

When you bypass SSL inspection in that case SSL handshake happens directly between client and destination server and certificate is received from actual destination server which the client side is successfully able to trust.

 

Regards

Alok Sarda

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC