Smoothwall and adobeconnect

[CyberNerd]

We have a bit of an issue with smoothwall and adobe connect and I wonder if anyone can shed any light here.

We don't use https inteception.
When browsing through smoothwall to adobeconnect test site:
Test Meeting Connection

we get an error "revocation information for the security certificate for this site is not available"

A workaround, unticking "check for publishers certificate revocation" in IE appears to work.
I think this is something to do with the wildcard here: my.adobeconnect.com but I'm not sure how to proceed.

We've whitelisted my.adobeconnect.com. This doesn't occur when using squid, only with smoothwall.

TIA

[tumbleweed]

Had the same here, last week - same workaround to get us going, but not something I'm really happy with. And yes, we run Smoothwall.

[DT2]

I'm working on it. I'll let you know what I find.
If you can PM me your specifics in the meantime.

DT

[DT2]

@CyberNerd I've tested this through my NG and it seems fine.
Just remind me, G2 or G3?
And would you mind archiving your guardian settings/policies and sending them to me please.
I think you have my email.

Daren

[CyberNerd]

@CyberNerd I've tested this through my NG and it seems fine.
Just remind me, G2 or G3?
And would you mind archiving your guardian settings/policies and sending them to me please.
I think you have my email.

Daren

Thanks. It's Guardian 2008 - I think you were in the process of upgrading it, you were dealing with my colleague Chris. Give him a call and teamview in if you like

[DT2]

Will do.

DT

[TechMonkey]

Did you find a solution for this? Just come on my radar!

[DT2]

@OB1 or @tom_newton may very well be able to answer this for you.
I left Smoothwall in June ( ) to emigrate to Canada, unfortunately I never got to the bottom of this one.
Dammit Smoothwall, where's your Canada office????

DT

[CyberNerd]

Did you find a solution for this? Just come on my radar!

Sorry I don't remember if there was a permanent fix or whether we just re-routed any connections through our dansguardian 'backup'

[Duke5A]

I'm running a couple Squid proxies and had similar issues with certificate revocation on a number of different sites and services. With certificate revocation on a connection is attempted to reach the CA to check the status of the certificate. While checking the Squid access log I noticed that credentials weren't being passed to Squid for those connections going out to the CA (we use NTLM authentication for our proxies). As a result, Squid wasn't forwarding that connection and the revocation check was failing. To get around it I added the CA domain to an ACL that is allowed to bypass proxy authentication. Adobe uses Verisign for this particular certificate as my proxy shows a connection to ocsp.verisign.com in the middle of all the connections to my.adobeconnect.com. Allowing unobstructed access to Verisign's TLD and sub domains should fix the issue. I hope this helps.

[TechMonkey]

You sir are a scholar and a gent!

Worked perfectly.

I shall pass on to Smoothwall and hopefully they can make some update that includes the Cert addresses to be bypassed.

[CyberNerd]

Cheers, I'll update my (exactly) 12 month old workaround