Internet Related/Filtering/Firewall Thread, Smoothwall and adobeconnect in Technical; We have a bit of an issue with smoothwall and adobe connect and I wonder if anyone can shed any ...
15th November 2011, 01:27 PM #1
Smoothwall and adobeconnect
We have a bit of an issue with smoothwall and adobe connect and I wonder if anyone can shed any light here.
We don't use https inteception.
When browsing through smoothwall to adobeconnect test site:
Test Meeting Connection
we get an error "revocation information for the security certificate for this site is not available"
A workaround, unticking "check for publishers certificate revocation" in IE appears to work.
I think this is something to do with the wildcard here: my.adobeconnect.com but I'm not sure how to proceed.
We've whitelisted my.adobeconnect.com. This doesn't occur when using squid, only with smoothwall.
IDG Tech News
15th November 2011, 03:08 PM #2
Had the same here, last week - same workaround to get us going, but not something I'm really happy with. And yes, we run Smoothwall.
15th November 2011, 05:22 PM #3
I'm working on it. I'll let you know what I find.
If you can PM me your specifics in the meantime.
16th November 2011, 10:08 AM #4
@CyberNerd I've tested this through my NG and it seems fine.
Just remind me, G2 or G3?
And would you mind archiving your guardian settings/policies and sending them to me please.
I think you have my email.
16th November 2011, 10:22 AM #5
Thanks. It's Guardian 2008 - I think you were in the process of upgrading it, you were dealing with my colleague Chris. Give him a call and teamview in if you like
Originally Posted by DT2
16th November 2011, 10:30 AM #6
15th November 2012, 01:41 PM #7
Did you find a solution for this? Just come on my radar!
15th November 2012, 01:59 PM #8
@OB1 or @tom_newton may very well be able to answer this for you.
I left Smoothwall in June ( ) to emigrate to Canada, unfortunately I never got to the bottom of this one.
Dammit Smoothwall, where's your Canada office????
Last edited by DT2; 15th November 2012 at 02:01 PM.
Thanks to DT2 from:
TechMonkey (15th November 2012)
15th November 2012, 03:33 PM #9
Sorry I don't remember if there was a permanent fix or whether we just re-routed any connections through our dansguardian 'backup'
Originally Posted by TechMonkey
15th November 2012, 03:44 PM #10
I'm running a couple Squid proxies and had similar issues with certificate revocation on a number of different sites and services. With certificate revocation on a connection is attempted to reach the CA to check the status of the certificate. While checking the Squid access log I noticed that credentials weren't being passed to Squid for those connections going out to the CA (we use NTLM authentication for our proxies). As a result, Squid wasn't forwarding that connection and the revocation check was failing. To get around it I added the CA domain to an ACL that is allowed to bypass proxy authentication. Adobe uses Verisign for this particular certificate as my proxy shows a connection to ocsp.verisign.com in the middle of all the connections to my.adobeconnect.com. Allowing unobstructed access to Verisign's TLD and sub domains should fix the issue. I hope this helps.
3 Thanks to Duke5A:
CyberNerd (15th November 2012), DT2 (15th November 2012), TechMonkey (15th November 2012)
15th November 2012, 03:49 PM #11
You sir are a scholar and a gent!
I shall pass on to Smoothwall and hopefully they can make some update that includes the Cert addresses to be bypassed.
15th November 2012, 03:59 PM #12
Cheers, I'll update my (exactly) 12 month old workaround
By mmoseley in forum Internet Related/Filtering/Firewall
Last Post: 27th March 2009, 11:25 AM
By ezzauk in forum Internet Related/Filtering/Firewall
Last Post: 26th March 2009, 12:01 AM
Last Post: 12th December 2005, 12:41 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)