Some Sites signed by Thawte premium server and Thawte primary root ca now give "untrusted server certificate error" since upgrade to 5.5.9.1.


<< Back to Knowledge Search

Technical Alert

Affected Products

5.5.9.1

6.2.8.1 , 6.2.9.1

6.2.3.2

 Other versions may be affected.

 

 

Overview

We are receiving reports that on certain versions of sgos that access to some sites signed by Thawte are returning "untrusted issuer" error when detect protocol is enabled.


Sites which present the following CA WORK:
Common name: thawte Primary Root CA
Organization: thawte, Inc.
Location: US
Valid from November 16, 2006 to December 30, 2020
Serial Number: 3365500879ad73e230b9e01d0d7fac91 <----------Notice the only difference is the serial number.
Signature Algorithm: sha1WithRSAEncryption
Issuer: Thawte Premium Server CA

 

Sites which present the following CA DO NOT WORK:
Common name: thawte Primary Root CA
Organization: thawte, Inc.
Location: US
Valid from November 16, 2006 to December 30, 2020
Serial Number: 5fa6be80b686c62f01ed0cabb196a105 <----------Notice the only difference is the serial number.
Signature Algorithm: sha1WithRSAEncryption
Issuer: Thawte Premium Server CA

This only happens with certs signed by Thawte.

Status

bug 175163 has been raised for this issue. If you hit this bug then please contact support and they can add the sr to the bug.

Resolution
Workaround

Add the following certificate (copy and paste) to the blue coat (gui > configuration panel > ssl > CA certificates > Ca certificates tab > import. Once you have done that add the imported CA certificate to the browser-trusted (Ca certificate list tab) certificate list. That is assuming the browser trusted list is the one configured for the ssl proxy which it is by default.

 

-----BEGIN CERTIFICATE-----
MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
-----END CERTIFICATE-----
 

Bug Number
InQuira Doc IdTFA106
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Article Number      000007646
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat