This article applies to:
- Web Filter - All Versions
- WFR - All Versions
Question:
- How can I access the web interface if the TLS/SSL Certificate for the site is revoked?
Procedure:
Part 1:
- Open the Java Control Panel and select the Advanced tab.
- Locate the options for Certificate Revocation checks. Temporarily change the settings. Note that different versions of Java have different wording. The wording below is correct at version 8, update 66.
- Set Perform signed code certificate revocation checks on to "Do not check (not recommended)"
- Set Perform TLS certificate revocation checks on to "Do not check (not recommended)"
Remember to go back to the recommended setting "All certificates in the chain of trust" after you have generated your new certificate.
At this stage, you should have access to the product web interface.
Part 2:
From the User Interface:
- Navigate to System > Authentication > Enable/Disable. Make sure this option is enabled.
- If the option was not enabled, enabling it will take 2-3 minutes as some of the Tomcat services will be restarted.
- Once the setting is enabled, select Authentication > Authentication SSL certificate > Download/View Certificate
- Confirm that the certificate is invalid. Invalidity is most often caused by hostname mismatches, or an expired SSL certificate. If either applies to you, then you will want to delete the certificate via this tab.
- Create a new self-signed certificate: Authentication > Authentication SSL certificate > Self Signed Certificate > Create Self Signed Certificate.
During the above changes, services are being restarted to load the configuration. If you see an error message, a service may still be in the process of being restarted. Wait a short time and try again.
Part 3:
After the certificate has been created:
- Test by setting authentication back to disable ( Authentication > Authentication Enable/Disable > Set to disable (only applies if system is used for authentication).
- Remember to change the two Java certificate revocation check settings to the recommended setting "All certificates in the chain of trust"
Notes:
Additional information can be found in article Q12600.