Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2459
Views
0
Helpful
5
Replies

WSA HTTPS Proxy Certificate update problem

Go to solution
orkhan.rustamli.96
Level 1
Level 1

‎12-04-2018 03:53 AM

Hello, everyone. I am in my first month at new job and trying to fix some problems. One of them is that we have 2 WSAs those working in Forward mode. Browsers get WPAD.dat file from Citrix load balancer so that part of workers access internet through first WSA and another part from the second. The problem is that the previous worker uploaded https proxy certificate to secon WSA not correctly. The common name is wrong and this cause some users to get error when accessing the internet. I Security Services -> HTTPS Proxy -> Edit Settings -> and  generated new CSR with correct name. Then I signed it with our internal CA server and uploaded into WSA. The ironport accepted it. I submitted and committed changes. The problem is the users still get the old certificate and error. How I can apply my changes?

 

Thanks in advance.

 

 

Labels:
Preview file
243 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
orkhan.rustamli.96
Level 1
Level 1
In response to sadik.sener1

‎12-16-2018 09:39 PM

Hello and thank you for your reply. Actually, I have already solved the problem. The problem was because we are doing AD authentication the certificate on authentication box also required to be changed.

 

Thanks you again

View solution in original post

0 Helpful
5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-04-2018 06:29 AM

If the Pre-build Windows then your certificate might have already packaged  with packages.

 

To test, download the correct certificate and load to PC and test it. 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎12-04-2018 11:29 AM

Make sure that you clear the browser history/cache, in case the browser still remembering the old connection.

 

Regards

Handy Putra

0 Helpful

Go to solution
sadik.sener1
Level 1
Level 1

‎12-13-2018 11:17 PM

Hi Orkhan, I suspect the thing is, your clients do not trust SubCA.

 

Please check if this certificate is installed on their trusted intermediate certification authorities folder.

You can do that by : typing mmc in run or cmd, when the dialog box opens up, file-> add or remove snap in-> certificates -> computer account -> ok ->  (do the same for user account also ) and check for both of the stores if the problemmatic pc trusts the subordinate CA

Regards

0 Helpful

Go to solution
orkhan.rustamli.96
Level 1
Level 1
In response to sadik.sener1

‎12-16-2018 09:39 PM

Hello and thank you for your reply. Actually, I have already solved the problem. The problem was because we are doing AD authentication the certificate on authentication box also required to be changed.

 

Thanks you again

0 Helpful

Go to solution
lamex2016
Level 1
Level 1
In response to orkhan.rustamli.96

‎05-15-2023 07:51 AM

I have the same question with you. After reading your answer, I don't quite understand how to operate it. Could you tell me the specific way to do it,thank you!

0 Helpful
Customers Also Viewed These Support Documents