Jenova

SSL filtering - cert checking order


Greetings!

We have a test local CA used for internal resources (both in local network and datacenter network (real IPs) connected to our local network via VPN). We have been testing several websites (both in LAN and in datacenter) with the certificate from local CA while it's added to Trusted Root CAs on local machine:

1) Windows client with latest EES installed and SSL filtering enabled in automatic mode - it takes a really long time to open the webpage the first time. Then it works just fine for some time (like a couple of hours); after that it's slow like hell again and goes into a new cycle.

2) Windows client without EES installed - everything works just fine, no slow downs.

This type of behaviour looks like EES tries to verify the certificate via CAs in the outside world, and only after all attempts fail does it look in the local machine Trusted Root CAs. And it "forgets" all that in a couple of hours...

What's the order for checking Trusted Roots in SSL filtering functionality? What can be done to get rid of those delays?

Thanks in advance!

 


We are already investigating an issue with the same symptoms, so it might be the same issue in fact.

Does the certificate used on the server have a CRL Distribution Point X509 extension?
If so, is the URL in there accessible on the affected local machine?

The certificate is verified using the functionality the OS provides. As a part of that process, the URL mentioned above is accessed.
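
One way to answer the two questions in the reply above from the affected client, as an added example that is not part of the original thread and is not ESET's code. The host name, port and timeout are placeholders, and the script assumes the Windows text format of the extension (`URL=...` lines) and checks only http(s) distribution points.

```powershell
# Added diagnostic example. Assumptions: $HostName is a placeholder for an
# internal site using the local-CA certificate; only http(s) CDP URLs are tested.
param(
    [string]$HostName   = 'intranet.example.internal',  # hypothetical host
    [int]   $Port       = 443,
    [int]   $TimeoutSec = 5
)

# Fetch the server certificate. The callback accepts any certificate because
# the goal here is to inspect it, not to trust it.
$tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($HostName)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
} finally {
    $tcp.Dispose()
}

# 2.5.29.31 is the OID of the CRL Distribution Points extension.
$cdp = $cert.Extensions['2.5.29.31']
if (-not $cdp) {
    Write-Output "No CRL Distribution Point extension in certificate '$($cert.Subject)'."
    return
}

# Format($true) renders the extension as text; pull the http(s) URLs out of it.
$urls = [regex]::Matches($cdp.Format($true), 'URL=(https?://[^\s,\)]+)') |
    ForEach-Object { $_.Groups[1].Value } | Select-Object -Unique

# Time a download of each CRL from this machine. A timeout or failure here
# means the URL is not accessible from the affected client.
foreach ($url in $urls) {
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec $TimeoutSec
        $result = "HTTP $($r.StatusCode), $($r.RawContentLength) bytes"
    } catch {
        $result = "FAILED: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Url     = $url
        Seconds = [math]::Round($sw.Elapsed.TotalSeconds, 2)
        Result  = $result
    }
}
```

Run it on a client that shows the delay and compare the `Seconds` column with the page-load delay seen in the browser.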
