I am trying to get SSL Forward Proxy working properly, generally it seems to be OK but I have a site I have tested
is for the bank hsbc
that gives an error..
There is an issue with the SSL certificate of the server you are trying to contact.
I have read this
Coincidentally, the site in the help link actualy uses the exact same certificate as HSBC.
I have imported both certificates in the chain
"DigiCert High Assurance EV Root"
"DigiCert SHA2 Extended Validation Server CA"
Tried setting root and SHA2 as CA...
But the error persists for both the site I need and the site from the help document.
My forward Proxy is presently configured like.... ( I had to disable "Check Timeout" as that failed also )
[/] Block sessions with expired certificates
[/] Block sessions with untrusted issuers
[/] Block sessions with unknown certificate status
[ ] Block sessions on certificate status check timeout
[ ]Restrict certificate extensions
Hey there Rob @RobinClayton ,
I am sorry that you are having issues trying to decrypt that one site.. but I will state that in the normal setup for SSL Decryption, we normally exclude Banking and Medical sites to reserve privacy.
I assume that other sites work without issue?
Keep in mind that depending on your actual firewall configuration, you may not be recording the logs for this traffic. You'll want to ensure that you have your security rulebase and routing setup so that the firewall sees and logs this traffic. Alternatively, since you are now sourcing the traffic to from your untrust interface you can start a PCAP and look for the traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!