Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Certificate warning appears after enabling HTTPS decryption in InterScan Web Security Virtual Appliance (IWSVA)

    • Updated:
    • 10 Dec 2015
    • Product/Version:
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • Virtual Appliance 5.1
Summary

When using HTTPS decryption, the following certificate error is preventing you from browsing HTTPS sites:

The security certificate presented by this website was not issued by a trusted certificate authority.

IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete HTTPS traffic decryption. However, the default CA is not signed by a trusted CA on the internet, therefore, the client browser will display this certificate warning message.

Details
Public

To resolve the issue, it is recommended that you import the internal CA certificate which is trusted by all clients into IWSVA.

To import a CA certificate:

  1. From the main menu, click HTTP > HTTPS Decryption > Settings | Certificate Authority.
  2. Click Browse next to Certificate to select a certificate file. IWSVA supports certificates using Base64-encoded certificate and RSA-based encrypted private key in PEM file format.
  3. Click Browse next to Private Key to select the private key associated with the CA certificate.
  4. Type the passphrase.
  5. Click Import CA.

If you do not have a PKI (nointernal CA certificate), you may choose to trust the default IWSVA certificate.

To trust a certificate:

  1. From the main menu, click HTTP > HTTPS Decryption > Settings | Certificate Authority.
  2. Click Export Public CA Key.
  3. Follow the on-screen prompt to save the certificate file on your computer.
  4. If all clients are in the AD domain, modify the group policy to add the saved certificate into Trusted Root Certificate Authorities.
  5. If there is no AD, you have to copy the certficate to clients.
  6. On clients, go to IE > Settings > Internet Options > Content | Certificates.
  7. On the Trusted Root Certification Authorities tab, click Import.
  8. Follow the wizard to import the certificate.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1113148
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.