This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

login.mittwald.de: Certificate error - GeoTrust

Hello,

since today, we are not able anymore to access https://login.mittwald.de/ because of one of these well known certificate errors.
We've checked that certificate with Chrome without SSL-Proxy and it seems to be valid. Currently we use a "trust check" exception.
I'm not sure if an upload of the affected certificate into the UTM keychain would help so we will keep it this way until the next UTM update.

Since Mittwald is a big player in Germany, we hope that this issue will be solved soon.

This thread was automatically locked due to age.

0 mod2402 over 9 years ago

Hi SmallAdmin,

I've no Problem, if I access these site with full https inspection. (9.206-35)

2014:09:17-17:45:32 asg-2 httpproxy[6179]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.124.60" dstip="46.30.59.62" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (w8 standard Proxy mit Inspection)" filteraction="REF_HttCffsslinspection (sslinspection)" size="1985" request="0x1420e9f0" url="login.mittwald.de/.../x-gzip"

Please post the Proxy log line for this access.

Which Firmware release do you use?

regards
mod

0 traxxus_01 over 9 years ago

I can access the site without problems.

Did you have SSL inspection enable in WebFiltering?
Cancel
Vote Up 0 Vote Down

Cancel
0 mod2402 over 9 years ago in reply to traxxus_01

I can access the site without problems.

Did you have SSL inspection enable in WebFiltering?

I can access this site with full https inspection and without any problem.
Cancel
Vote Up 0 Vote Down

Cancel
0 skm over 9 years ago

This is because CA certificate is not in CA database on UTM. You have to check in Web Protection > Filtering Options > HTTP CAs if issuer CA cert is there, if yes then you have to check if sha/md5 hash of CA certificate from CA that issued certifficate for mittwald is the same as certificate imported on UTM.
Cancel
Vote Up 0 Vote Down

Cancel
0 mod2402 over 9 years ago in reply to skm

This is because CA certificate is not in CA database on UTM. You have to check in Web Protection > Filtering Options > HTTP CAs if issuer CA cert is there, if yes then you have to check if sha/md5 hash of CA certificate from CA that issued certifficate for mittwald is the same as certificate imported on UTM.

The CA certificate is by default in the local db. I've no issues. I think, a screenshot of the certificate error and a log entry could be usefull.
Cancel
Vote Up 0 Vote Down

Cancel