When using SWG as the HTTP and HTTPS proxy, Windows Live Messenger(MSN) 2009 cannot sign in.

book

Article ID: 156597

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

When using SWG as the HTTP and HTTPS proxy, Windows Live Messenger(MSN) 2009 cannot sign in.

The error code may be 80048820, 80048861 or 80072f0d.

 

In IE Advanced settings, cleared the tick of the checkbox that says “Check for server certificate revocation”.

Ticking “Use SSL 2.0” and “Use SSL 3.0” checkboxes is to follow.

And then, test again, still have the same issue.

 

Cause

The WLM won't accept the SWG default certificate because the certificate is not signed by a Trusted Root Certification Authorites.

Moreover, the certificate issue may also lead to other applications cannot across through SWG with SSL proxy. A known application is Evernote.

Resolution

There are two ways to resolve the issue:

  1. Enforce install SWG default certificate to broswer's Trusted Root Certification Authorities list.
    • Login SWG web console;
    • Go to Administration>Configuration>Proxy page;
    • Navigate to "SSL Deep Inspection Settings", select "Use Default Certificate";
    • Click button "Export" to save the "cert.crt" to your local disk;
    • Import the certificate into each Web browser:
      • Manually Method:
        • In most situation, you can manually install the certificate into each Web browser separately to use automation. The certificate will be installed into "Trusted Root Certification Authorities". However, you need to double confirm the result by check "Internet Options>Content>Certificates>Trusted Root Certification Authorities", if the certificate was not installed here, you may need to select the option to Place all certificates in the following store to import the certificate into Trusted Root Certification Authorities.
      • Automation methods:
        • Group policy in Active Directory
          • If you have Active Directory configured at your site, you can import the certificate into Web browsers using group policies.
        • Domain login script
          • In Microsoft Windows environments, you can configure a login script to run after users log on.
  2. Apply/Buy a valid certificate which is signed by Trusted Root Certification Authorities, and import the certificate into SWG SSL proxy.
    • Apply/Buy the certificate from the Trusted Root CA;
    • Download both the certificate and Key from the CA vender. The certificate and key must be in DER format or PEM format containing US-ASCII or UTF characters only;
    • Login SWG web console;
    • Go to Administration>Configuration>Proxy page;
    • Navigate to "SSL Deep Inspection Settings", select "Use Imported Certificate";
    • Specify the certificate and key to the files;
    • Click the button "Save" to import the certificate;

 


Applies To

SWG:

  • SWG software version: 5.0.x
  • Working Mode: Proxy mode, enable HTTP and HTTPS proxy
  • Function: Enable Deep Inspection and intercept to all categories

Client:

  • Windows XP with SP3
  • Internet Explorer 6.0/7.0/8.0
  • Windows Live Messenger 2009 build 14.0.8117.416
  • IE proxy settings:
    • HTTP: <swg proxy IP address> Port:8080
    • Secure: <swg proxy IP address> Port:8443