
HTTPS Proxy Issue

Hi, let's hope this works ok, first post on this new platform.


I cannot enable the HTTPS proxy option without the web proxy becoming completely unstable and constantly restarting with the following error:

2015:11:08-20:52:11 sirius httpproxy_6829_: id=_0003_ severity=_info_ sys=_SecureWeb_ sub=_http_ request=_0xe22d1800_ function=_ssl_create_ file=_ssl.c_ line=_859_ message=_SSL_CTX_check_private_key: failed_

I tried recreating the HTTPS signing CA cert, no go, so I created a self-signed CA keypair with openssl, all to no avail.
Finally I tried a factory reset, then enabling HTTPS proxy ends up doing the same thing.

Steps to reproduce: Enable Web Proxy in Transparent mode and choose any option besides not scanning HTTPS (URL on 2 Decrypt ones)

I was with 9.350 then updated to 9.351 (NOTE: I am not saying it worked in 9.350, I tried updating to 9.351 to fix this issue, so I can confirm the issue only on those 2 versions)

Thanks for any help



This thread was automatically locked due to age.
  • I'm not seeing this in 9.351, so somewhat difficult to diagnose, without being able to replicate. Is your UTM overloaded (high CPU and/or memory usage)? If you are a paid license user, you may want to open up a case with support.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Thanks Scott,

    It's a Software install in a VM. What I ended up doing is downgrading to 9.314 and all is fine ever since (minus the config I had to redo by hand since I could not import my newer config backup). I tried everything on 9.351 as I said, even factory reset (but NOT a reinstall). I made my own CA key/cert, converted to p12 and imported.. both EC key and RSA key for good measure. If the sequence is relevant, I first started with an EC key, then when that failed I just "Regenerated" it via the WebUI.. One thing of note, the CA you create uses 1024-bit keys which is pretty weak. I cannot find where this can be configured but on 9.314, my RSA CA Key/cert imported properly (didn't try EC) and is 2048 bits so I have no problems per se.

    It's an odd error message to be sure, I have spent half a day on this, I don't have time to pursue it further but I will do an upgrade (snapshotting my VM beforehand) to see where that leads me. If it upgrades properly I will just attribute it to corruption to the binaries along the way (it was a 9.2 install that got upgraded and upgraded).

    Thanks for chiming in.
    Eric
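
`SSL_CTX_check_private_key` is the OpenSSL call that verifies a loaded certificate and private key belong together, so a signing CA pair can be checked the same way before it is imported. The script below is an added example, not from the thread or from the vendor: it assumes the `openssl` CLI and unencrypted PEM files (a .p12 would be extracted to PEM first), all function names are hypothetical, and it also flags RSA keys under 2048 bits, the weakness noted in the reply above.

```shell
#!/usr/bin/env bash
# Added example: pre-import sanity check for an HTTPS-proxy signing CA.
# Assumptions: openssl CLI installed, cert and key are unencrypted PEM files.

# Public key (PEM) derived from a private key file.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM) embedded in a certificate file.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Return 0 when the certificate and key carry the same public key,
# the condition SSL_CTX_check_private_key verifies at load time.
ca_pair_matches() {
    local c k
    c=$(pub_from_cert "$1") || return 2
    k=$(pub_from_key "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Key size in bits (RSA modulus size or EC field size).
ca_key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*(\([0-9][0-9]*\) bit.*$/\1/p' | head -n 1
}

# Print MISMATCH, WEAK or OK for a cert/key pair; non-zero unless OK.
ca_check() {
    local bits
    if ! ca_pair_matches "$1" "$2"; then
        echo "MISMATCH"
        return 1
    fi
    bits=$(ca_key_bits "$2")
    # Only RSA is held to the 2048-bit floor; EC sizes are not comparable.
    if openssl x509 -in "$1" -noout -text |
        grep -q 'Public Key Algorithm: rsaEncryption' &&
        [ "${bits:-0}" -lt 2048 ]; then
        echo "WEAK"
        return 1
    fi
    echo "OK"
}

# Usage: ca_check ca.crt ca.key
```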