Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

“Certificate Error: There is a problem with this website's security certificate…” appears when a first time user opens a browser in InterScan Web Security as a Service (IWSaaS) 2.0

    • Updated:
    • 16 Apr 2017
    • Product/Version:
    • InterScan Web Security as a Service 2.0
    • Platform:
    • Windows Server 2012
Summary

The following message appears when you try to access a browser for the first time:

Certificate Error: There is a Problem with website's security certificate.

The security certificate presented by this website was issued for a different website's address.
The security certificate presented by this website was not issued by a trusted certificate authority.

Details
Public

The issue occurs because of the Authentication Agent that you deployed that also works as an HTTPS website. You host this website and the URL (hostname/IP) is not the default one, therefore, the default certificate is not valid for the Authentication Agent.

The default certificate is signed by the IWSaaS service CA, but in this case, the default URL "authagent.iws.trendmicro.com" will not match the address of your authentication agent site.

You need to apply for a valid certificate, which is signed by a trusted CA, with the right site address and import the certificate into the Authentication Agent by the authentication tool.

To resolve the issue, create certificate files and import them to the authentication agent tool:

  1. Open a command prompt.
  2. Run the following command to change the directory to C:\Program Files (x86)\Trend Micro\InterScan Web Security as a Service\AuthenticationAgent\Apache-20\bin

    cd "C:\Program Files (x86)\Trend Micro\InterScan Web Security as a Service\AuthenticationAgent\Apache-20\bin"

  3. Execute the following command to create the certificate files:

    openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout "%tmp%\auth.key" -out "%tmp%\auth.crt" -config ..\conf\openssl.cnf

     
    -days 3650: expires after 3650 days (10 years). You can change this number.
  4. Input the parameters of the certificate (take note of the value of "Common Name"):

    *Common Name: auth.example.com {FQDN or IP of Authentication Agent, e.g. 192.168.1.1}

  5. Go to %tmp% folder and get auth.key & authcrt.
  6. Import them to the Authentication Agent tool

After the certificate is imported into the Agent, you can now import the certificate into the browser's trust certificate (Trusted CA) list.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1116667
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.