Cisco Bug: CSCzv05731 - Appliance is not replacing the expired intermediate certificate with...
Nov 12, 2016
- Cisco Web Security Appliance
Known Affected Releases
7.1.3-014 7.1.4-000 7.5.0-000 7.5.1-000 7.7.0-000
Symptom:
The Cisco WSA does not replace an expired intermediate certificate with the updated version of that certificate (as browsers do). The WSA uses only the intermediate certificate originally provided by the client, ignores the imported, updated version, and drops the request if the HTTPS proxy is configured to block expired certificates.

Conditions:
The issue happens only if the HTTPS site has the following certificate chain:
1. Root certificate - valid ---> Intermediate certificate - expired, but an updated version has been published by the CA and imported to the Trusted Root Certification Authorities.
2. Server certificate - valid
3. WSA HTTPS proxy is configured to block sites with expired certificates.
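The path-selection difference described in the symptom, as an added example that is not Cisco's code: a simplified Python model of certificate path building. `Cert`, `build_path`, `verdict` and every certificate record are constructed for illustration, and matching on subject plus key identifier stands in for real signature verification.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:  # constructed stand-in for an X.509 certificate
    subject: str
    issuer: str
    key_id: str  # stands in for the subject public key
    not_after: datetime

    def expired(self, now):
        return now > self.not_after

def build_path(leaf, presented, store, now, prefer_local):
    """Follow issuer links from the leaf to a self-signed root.
    prefer_local=False uses only the presented intermediate (the symptom);
    True swaps in an unexpired store certificate with the same subject and key."""
    path, current = [leaf], leaf
    while current.subject != current.issuer:
        sent = next((c for c in presented if c.subject == current.issuer), None)
        local = [c for c in store if c.subject == current.issuer]
        issuer = sent
        if sent is None:  # not presented (typical for roots): use the store
            issuer = next(iter(local), None)
        elif prefer_local and sent.expired(now):
            issuer = next((c for c in local if c.key_id == sent.key_id
                           and not c.expired(now)), sent)
        if issuer is None:
            return path, "incomplete chain"
        path.append(issuer)
        current = issuer
    bad = [c.subject for c in path if c.expired(now)]
    return path, ("blocked: expired " + ", ".join(bad)) if bad else "allowed"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data: same intermediate subject and key, two validity periods.
NOW = utc(2016, 11, 12)
ROOT = Cert("Example Root CA", "Example Root CA", "k-root", utc(2030, 1, 1))
OLD_INT = Cert("Example Issuing CA", "Example Root CA", "k-int", utc(2016, 1, 1))
NEW_INT = Cert("Example Issuing CA", "Example Root CA", "k-int", utc(2020, 1, 1))
LEAF = Cert("www.example.test", "Example Issuing CA", "k-leaf", utc(2017, 6, 1))

def verdict(prefer_local):
    return build_path(LEAF, [OLD_INT], [ROOT, NEW_INT], NOW, prefer_local)[1]

if __name__ == "__main__":
    print(verdict(False), "|", verdict(True))
```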