Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

WSA HTTPS Proxy Problem

Hello,

 

I have fresh install of WSA 8.0.5 and HTTPS proxy isn't working. HTTPS proxy is enabled, and I have tried both uploaded root certificate and generated on locally. Basically HTTP proxy is working. But I am unable to open HTTPS web sites.

Also there is strange behavior with browsers, IE, Chrome and FF are unable to open HTTP sites. But Maxthon is working.

When I use Policy trace, it show that is successfully process https traffic.

 

What can be problem, and how can I trouble shoot this problem ?

 

Thanks in advance,

4 REPLIES

Hi ngtransge,    About HTTPS

Hi ngtransge,

    About HTTPS traffic, do you have any Decryption Police applied at WSA? HTTP traffic is matching the expected Access Policy? The WSA it's fully licensed?

 

Best regards,

 

Alexsandro Reimann.

Bronze

Hi, Are you using Self signed

Hi,

 

Are you using Self signed certificate on the WSA? If yes then you would have to download the WSA certificate and install it on the client machines so that they trust the WSA and allow HTTPS connections to it.

 

Make sure you place the certificate under the "Trusted Root Certificate Authorities"

 

Regards,

Kush

New Member

Hello,

Hello,

 

I am using demo WSA, and it has temporary license. 

 

I have generated self signet certificate, and imported on clients root ca store.

HTTP traffic is matched in access policies, but HTTPS didn't working. 

hire is https debug:

 

 

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:36 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:36 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:37 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:37 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:37 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:38 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:38 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:38 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

Mon Jul 14 19:51:39 2014 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
Mon Jul 14 19:51:39 2014 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
Mon Jul 14 19:51:39 2014 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

 

 

What can be problem ?

 

 

Hi ngtransge,        The

Hi ngtransge,

 

       The certificate at WSA has 1024bits sha1? Normally windows clients drop the SSL handshake with certificates lower than 1024bits. The failure at SSL could indicate this kind of problem, since you already installed the certificate at clients desktops.

 

Rate successful replies, 

Alexsandro Reimann.

878
Views
10
Helpful
4
Replies
CreatePlease login to create content