Webproxy "overrides" certificate?

Hi all,

We have a UTM 9.5. Webproxy is in Standard Mode and SSL scan is off.

There is one external page with a valid certificate. Calling that page (SSL) with any browser is fine.

When logging in to an application on this page, the "unsafe" webproxy CA Certificate from the UTM shows up.

After accepting twice (unsafe certificate), the valid cert from that page comes back again.

That phenomenon occurs only with IE (on all computers), not with Firefox or Chrome, and only on one page.

So after switching the webproxy from standard to transparent mode, the problem is gone.

I have no idea what causes this reaction. What causes the UTM proxy to replace a cert from an external page?



  • Without SSL scanning, the "unsafe" webproxy CA Certificate is used by the UTM to show error or message pages generated by the UTM.

    Blocked popups/categories (from ADS or diagnostic redirects) can use this certificate too.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • OK. I expected this.

    Is there any idea how to figure out which kind of error message this is?

  • I would use the webproxy log filtered by the client-ip.


    Dirk


  • Ugly job but I will try.

    Thanks!

  • If the coffee is good, I'll come by (Potsdam).


    Dirk


  • If HTTP scanning is off then the proxy normally only replaces the certificate (does man-in-the-middle) if it needs to block access for some reason (either block or error).  It does this to display a custom page to the user instead.  For example if a page loads something that links to another HTTPS page for a domain that does not exist, the UTM will do a MITM to display a "web page cannot be found".

    You would need to look at the httpproxy logs to know more.

    If this is just a single site, you can create an exception for it.
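
The log review suggested in the replies above, as an added example that is not part of the original thread: it filters proxy log lines by client IP and keeps only HTTPS requests the proxy blocked or could not complete, which are the cases where the UTM substitutes its own certificate. The log lines are constructed, and the key="value" field names (`srcip`, `action`, `statuscode`, `url`, `error`) are assumptions to adjust to what your log actually contains.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines; the key="value" field names are assumptions.
SAMPLE_LOG = '''\
2017:06:01-10:15:02 utm httpproxy[4321]: action="pass" method="CONNECT" srcip="192.0.2.10" statuscode="200" url="https://app.example.com/"
2017:06:01-10:15:03 utm httpproxy[4321]: action="block" method="CONNECT" srcip="192.0.2.10" statuscode="403" url="https://ads.example.net/"
2017:06:01-10:15:03 utm httpproxy[4321]: action="pass" method="CONNECT" srcip="192.0.2.10" statuscode="502" url="https://missing.example.org/" error="Host not found"
2017:06:01-10:15:04 utm httpproxy[4321]: action="block" method="GET" srcip="192.0.2.99" statuscode="403" url="http://other.example.net/"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')


def suspect_requests(log_text, client_ip):
    """Return HTTPS requests from client_ip that the proxy blocked or failed."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(PAIR.findall(line))
        if fields.get("srcip") != client_ip:
            continue
        url = fields.get("url", "")
        # Only HTTPS matters here: that is where a substituted certificate shows.
        if not (url.startswith("https://") or fields.get("method") == "CONNECT"):
            continue
        status = fields.get("statuscode", "")
        blocked = fields.get("action", "pass") != "pass"
        failed = bool(fields.get("error")) or status[:1] in ("4", "5")
        if blocked or failed:
            hits.append({
                "time": line.split(" ", 1)[0],
                "host": urlsplit(url).hostname or url,
                "action": fields.get("action", ""),
                "statuscode": status,
                "error": fields.get("error", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in suspect_requests(SAMPLE_LOG, "192.0.2.10"):
        print(hit)
```

Hosts that show up here at the time of the certificate warning are the candidates for the exception mentioned in the last reply.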