KB Article | Forcepoint Support

Problem Description

Certificate error on Client Linux machine when HTTPS site is being accessed via CLI. SSL decryption is enabled on proxy.
[root@centos73a ~]# wget https://www.purple.com
--2020-01-28 09:19:30-- https://www.purple.com/
Connecting to 172.31.0.132:8080... connected.
ERROR: cannot verify www.purple.com's certificate, issued by ‘LDAP-STRING’:
Self-signed certificate encountered.
To connect to www.purple.com insecurely, use `--no-check-certificate'.

 

Resolution

Please follow the below steps to resolve this issue via CLI:
  1. Confirm if the Linux machine is configured for correct Proxy
echo $http_proxy
echo $https_proxy
  1. Download the Public key certificate from WCG. 
    1. Log into Content Gateway Manager.
    2. Navigate to Configure > SSL > Internal Root CA >Backup Root CA.
    3. Click Save Public CA Key.
  2. Copy the certificate file to /etc/pki/ca-trust/source/anchors on the Linux client machine.
  3. Run the command: update-ca-trust extract
  4. Now check the HTTPS Site access via WGET or CURL command.

Reference:
https://www.mankier.com/8/update-ca-trust

Article Feedback



Thank you for the feedback and comments.