Why some HTTPS/SSL sites fails thru proxy using IE 8 & IE 9 even proxy is not Intercepting SSL traffic?


<< Back to Knowledge Search

Solution

Overview

 

There is a process called Certificate Revocation, which IE appears to be validation for some HTTPs/SSL sites.
 
The PCAP shows, client closes the connection during SSL handshake just after server submits its certificate. This occurs because there is certificate revocation process starts for some of these sites/urls, and apparently it is failing authentication on proxy SG since the User-Agent is “Microsoft-CryptoAPI”.
 
Workaround:
You must bypass authentication for this user agent ““Microsoft-CryptoAPI”.
You can do it via VPM or CPL.
Using VPM
Start VPM -> Go to Web Authentication Layer -> Add a rule on the top -> select Source field -> right click & choose SET -> New -> Request Header -> choose User-agent from Header Name -> in the Header Regex field type “Microsoft-CryptoAPI” (without quotes) -> OK -> OK -> set action to “donot authenticate” -> Install policy
Using CPL:
1.       Launch and log into the Management Console on your ProxySG.  The URL for the Management Console is https://<ip.address.of.proxysg>:8082/ .
2.       Click on the Configuration tab > Policy > Policy files > Policy files tab. 
3.       There is an "Install policy" section where you can install policy from a local file, forward file, and central file.
4.       Select "Text Editor" from the drop down list to the right of "Install Local file from:" text.  Click on the Install button to the right of that drop down box.
5.       If this is a new proxy deployment, your local policy may be blank.  If this is an established proxy with local policy, scroll down to the bottom of the data contained in the text editor.
6.       Copy and paste the CPL text that you see below.  Click on the Install, OK, and Close buttons in that order.  Click on the Apply button.  Your new policy has been installed.
<Proxy>
request.header.User-Agent=Microsoft-CryptoAPI authenticate(no)
Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ1587
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      SGOS 4, SGOS 5, SGOS 6
Article Number      000016659
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat