1. With SSL authentication, the browser still shows the certificate prompt even though the keyring certificate from the ProxySG is installed in the browser.
2. The certificate from the ProxySG has been installed in the Root Certificate folder of the browser (IE).
This issue occurs because the Common Name (CN) in the keyring certificate that has been installed in the browser is different from the hostname of the Virtual URL for SSL transparent authentication.
1. Create a new keyring by going to Management Console->Configuration->SSL->Keyrings and clicking Create.
2. Enter a name for the keyring (SSL_Proxy01 or any other name you choose), click show keypair, select generate new, click OK, and hit APPLY on the main screen.
3. Click on the new keyring that you have created to highlight it, then hit edit at the bottom. A box will appear.
4. In the certificate column at the top, hit create and fill in the information. When filling in the information, make sure the Common Name is the same as the SSL authentication Virtual URL hostname. For example, if your SSL Authentication Virtual URL is https://proxy01:4433, then the Common Name is proxy01. This is extremely important.
5. Once this is done, use this keyring for your HTTPS Reverse proxy on port 4433, which is under Services-Proxy Services. This is the same service that you created when creating the SSL Authentication Realm. Change the keyring from whatever you had earlier to the one that you just created. As a refresher, see /articles/Solution/SSLTransparentProxyAuthenticationusingIWA
6. Now open the Visual Policy Manager and go to your SSL Intercept Layer. In the action where you have Enable HTTPS Interception, right click, hit edit, and change the keyring to the one that you have just created.
8. Install this certificate into your browser's Trusted Root Certificate store and you will no longer get the certificate prompt. This certificate can also be installed in all the browsers on all computers by pushing it via GPO.
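The name check from step 4 can be scripted before the certificate is pushed out by GPO. The following is an added example, not part of the original article or of any ProxySG tooling: the function names, the sample certificate and the `exported_pem` path are assumptions made for illustration, and wildcard names are not handled.

```python
import socket
import ssl
from urllib.parse import urlsplit


def cert_names(cert):
    """Return (common_names, san_dns_names) from a getpeercert()-style dict."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans


def check_virtual_url(virtual_url, cert):
    """Compare the Virtual URL hostname with the names in the certificate.

    Returns (ok, reason). The comparison is exact and case-insensitive.
    """
    host = (urlsplit(virtual_url).hostname or "").lower()
    if not host:
        return False, "no hostname in virtual URL"
    cns, sans = cert_names(cert)
    if host in (n.lower() for n in sans):
        return True, "matches subjectAltName"
    if host in (n.lower() for n in cns):
        return True, "matches Common Name"
    return False, f"{host!r} not in CN {cns} or SAN {sans}"


def fetch_presented_cert(virtual_url, exported_pem):
    """Fetch the certificate served at the Virtual URL, trusting only the
    keyring certificate exported to exported_pem (hypothetical file path)."""
    parts = urlsplit(virtual_url)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # the name comparison is done by check_virtual_url
    ctx.load_verify_locations(cafile=exported_pem)
    with socket.create_connection((parts.hostname, parts.port or 443), timeout=5) as s:
        with ctx.wrap_socket(s, server_hostname=parts.hostname) as tls:
            return tls.getpeercert()


# Constructed sample: a keyring certificate whose CN is not the Virtual URL host.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example"),),
                (("commonName", "sg01.example.local"),)),
}

if __name__ == "__main__":
    print(check_virtual_url("https://proxy01:4433", SAMPLE_CERT))
    print(check_virtual_url("https://sg01.example.local:4433", SAMPLE_CERT))
```

Against a live appliance, pass the result of `fetch_presented_cert("https://proxy01:4433", "keyring.pem")` to `check_virtual_url`; a TLS verification error at that point means the service on port 4433 is not presenting the keyring certificate that was exported.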
Imported Document ID: 000009576