Cannot log in to WAF due to expired certificate


This article applies to:

  • WAF (WebDefend) 7.6 GA and older.

Symptoms:

  • Cannot log in to WAF from the console

Causes:

  • The certificate used for authentication has expired as of 10 July 2016

Resolution:

To resolve this issue, download and install new certificate files.

  1. Updated certificates are available for download from the Trustwave Support Portal (https://login.trustwave.com/).
    • Log in to the portal and navigate to File Library > private > WAF > WebDefend > Console certificate > newcerts.zip
    • If you do not have permission to access this file, contact Trustwave TAC.
  2. Download this file from the location above in the Trustwave Support Portal.
  3. Copy the zip file to each WAF appliance (/home/bgse/pub) using WinSCP or other copying methods.
  4. Log in to the WAF system.
  5. Change to the /home/bgse/pub directory (must be root).
  6. Unzip the file while in the /home/bgse/pub directory.
  7. Replace the ca.crt file in /opt/breach/bwd/common with the new file:
    # cp /home/bgse/pub/ca.crt /opt/breach/bwd/common/ca.crt
  8. Replace the console.crt file in /opt/breach/bwd/conf with the new file:
    # cp /home/bgse/pub/console.crt /opt/breach/bwd/conf/console.crt
  9. Replace the console.jks file in /opt/breach/reporting/ with the new file:
    # cp /home/bgse/pub/console.jks /opt/breach/reporting/console.jks
  10. Restart all services using one of the following methods:
    • From root, su bgoperator then use menu options 1, 1, 4 restart services
    • From the command line interface: service all_services_init restart
  11. On PCs where the console is installed:
    • Ensure the Console is not running
    • Replace the file console.crt in %BGD_HOME%\conf_tools with the new file.

Notes:

  • On a distributed WAF installation, the WAF certificates must be replaced and services restarted on all machines (the NTM and the sensors).
  • If you are connecting to a Terminal Server or using Remote Desktop, you must upgrade to version 7.6. This is required due to an issue with Windows reading the user rights. 

Last Modified 1/23/2017.
https://support.trustwave.com/kb/KnowledgebaseArticle20637.aspx