This article applies to:
- WAF (WebDefend) 7.6 GA and older.
Symptoms:
- Cannot log in to WAF from the console
Causes:
- The certificate used for authentication has expired as of 10 July 2016
Resolution:
To resolve this issue, download and install new certificate files.
- Updated certificates are available for download from the Trustwave Support Portal (https://login.trustwave.com/).
- Log in to the portal and navigate to File Library > private > WAF > WebDefend > Console certificate > newcerts.zip
- If you do not have permission to access this file, contact Trustwave TAC.
- Download this file from the location above in the Trustwave Support Portal.
- Copy the zip file to each WAF appliance (/home/bgse/pub) using WinSCP or other copying methods.
- Log in to the WAF system.
- Change to the /home/bgse/pub directory (must be root).
- Unzip the file while in the /home/bgse/pub directory.
- Replace the ca.crt file in /opt/breach/bwd/common with the new file:
# cp /home/bgse/pub/ca.crt /opt/breach/bwd/common/ca.crt
- Replace the console.crt file in /opt/breach/bwd/conf with the new file:
# cp /home/bgse/pub/console.crt /opt/breach/bwd/conf/console.crt - Replace the console.jks file in /opt/breach/reporting/ with the new file:
# cp /home/bgse/pub/console.jks /opt/breach/reporting/console.jks - Restart all services using one of the following methods:
- From root, su bgoperator then use menu options 1, 1, 4 restart services
- From the command line interface: service all_services_init restart
- On PCs where the console is installed:
- Ensure the Console is not running
- Replace the file console.crt in %BGD_HOME%\conf_tools with the new file.
Notes:
- On a distributed WAF installation, the WAF certificates must be replaced and services restarted on all machines (the NTM and the sensors).
- If you are connecting to a Terminal Server or using Remote Desktop, you must upgrade to version 7.6. This is required due to an issue with Windows reading the user rights.