Technical Alerts

SSL issues after upgrading to 6.2.8.1

Technical Alerts ID:    TFA95
Version:    3.0
Status:    Published
Published date:    03/26/2012
Updated:    04/30/2012
 

Affected products and versions

All ProxySG platforms running SGOS 6.2.8.1.

 

Note: This issue has been fixed in SGOS 6.2.9.1.

Problem description

The list of valid certificate authorities packaged in SGOS 6.2.8.1 is missing one of VeriSign's servers. Trying to access a website that uses a certificate signed by that server will cause the proxy to fail certificate validation and return an exception back to the user.

Workaround

The Certificate Authority can be manually added to the ProxySG's configuration file using the following instructions

1. Open the ProxySG's GUI and go to SSL / CA Certificates
2. Click on Import, name the certificate and Copy/Paste the certificate information below, making sure there are no extra spaces before or after the markers

Note : In SGOS 6.3, this Certificate Authority is named "VRSN_Class_3_Pub_Pri_Cert_Auth_G1" so Blue Coat recommends using that name as well
 

 

-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
-----END CERTIFICATE-----

 

 

3. Click "OK", then "Apply"

 

4. Click on the "CA Certificate Lists" tab, pick "Browser-trusted", then click "Edit"

5. Pick the certificate you just created, click "Add", then click "OK"

6. Click "Apply"


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question