Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

transparent wsa and https traffic

folks

 

i've deploying a S300V in transparent mode and using wccp

 

i have a single policy allowing http and https

 

http works fine but https doesn't

 

i can see both sets of requests go out through my outer firewalls but the https handshake doesn't get past the client hello

 

the VM is being used on a guest wifi network so clients won't be authenticated, won't have a common root certificate and i don't want to decrypt traffic

 

tac are telling me i need to enable the https proxy but i can't as clients won't have the root certificate required

 

do i need to use https proxy?

 

thanks to anyone taking the time to reply

 

2 REPLIES

You still have to use the

You still have to use the https proxy if you're going to use HTTPS, even if you're not going to decrypt.  If it doesn't decrypt, it passes through the certs from the site, so your users shouldn't see an issue. (I haven't tested this so I won't guarentee it...)

 

New Member

Ken, If I dont to decrypt

Ken,

 

If I dont to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I need to upload a root certificate still? I would have assume not as I do not want to decrypt HTTPS but the GUI doesn't allow me to enal HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.

 

Basically what I just want to do is just pass through the HTTPS traffic to be check against the Access policies that the HTTP is being checked against.

 

Is this viable? If so can you let me know how I can achieve the above?

 

Thanks

257
Views
0
Helpful
2
Replies