Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
the_rock
Legend
Legend

Updating trusted CA list on mgmt server

Hey guys,

 

I hope someone can clarify this for me. I know there were posts about it before and process for updating the trusted CA list, but TAC engineer told me this is not even needed in R81.10. Whole reason is that customer enabled https inspection, but they get "untrusted certificate" when going to bunch of azure and microsoft websites, so we had to whitelist lots of them, but makes no sense why their trusted CA list on mgmt server is missing way more certs than my lab mgmt. Their version is R81.10 jumbo 30 and I am on latest R81.10 jumbo 61, but I dont really think that matters. Just to be sure I gave them zip file for latest update and they uploaded it, even did reboot of mgmt server, but same problem.

 

Any idea as to why this could be happening?

Thanks as always!

0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee

If the auto updates are configured per sk173629 and internet connectivity isn't an issue please contact TAC to diagnose this further.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

Yup, all that was checked already and configured. TAC said they will investigate on their end, but no useful advice yet. I told them I will spin up windows 10 VM in the lab, slap it behind the fw and see what happens when inspection is on. I dont know what you think about this, but do you believe it may to do with the fact customer replaced default cert for user check with their own? I dont think it does, but cant say for certain. Thanks again for your help @Chris_Atkinson 

0 Kudos
the_rock
Legend
Legend

Did a test in the lab and worked fine for me, no issues with azure/microsoft sites...BUT, I never replaced the default user check cert, so not sure if that could be a problem, since customer did do that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events