Browser Certificate Warning When Visiting HTTPS Websites If Web Gateway Is Using The SSL Scanner With Content Inspection
Technical Articles ID: KB86362
McAfee Web Gateway (MWG) 7.x
The web browser displays a certificate warning when visiting HTTPS websites. This issue occurs if Web Gateway is using the SSL Scanner with content inspection enabled. The certificate warning message varies based on the web browser:
Mozilla Firefox will block the website and display the warning message: The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
Google Chrome will allow the website, but will display the warning message: The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.
Starting January 1, 2016 most web browsers are phasing out trust of certificates signed using SHA-1. Any certificates signed after January 1, 2016 will be untrusted in some way (it varies based on the web browser), but certificates signed before that date will still be accepted.
Mozilla Firefox announcement: https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/
Google Chrome announcement: http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
Web Gateway will issue certificates for websites that are SSL scanned, so the signing date will be after January 1, 2016.
Ensure that Web Gateway does not use SHA-1 in the SSL scanning settings (use SHA-256 instead). If you migrated from older Web Gateway versions to newer Web Gateway versions, this setting will not be updated automatically.
Log on to the Web Gateway user interface.
Navigate to Policy, Settings, Engines, SSL Client Context with CA.
For all of the settings containers for SSL Client Context with CA:
From the Digest drop-down menu, select sha256.
From the RSA server key size drop-down menu, select 2048.
In addition, if the Certificate Authority (CA) used in Web Gateway was signed using SHA-1, you should consider replacing it soon.
Currently web browsers will display a warning only if the web server certificate is signed using SHA-1.
However, the same issue may happen eventually for CA certificates signed using SHA-1.
Virtual machines will by default have varying resources, CPU clocks, etc. On a busy system, they may even be denied resources for short periods of time or during high workloads, VMotion, or backups, or may receive higher CPU resources than the operating system is even aware it could get. For example, the operating system believes it has 1 CPU of 2.4 GHz, but in reality it is running on a VMware server with 8 cores of 2.4 GHz.
This results in something usually referred to as time drifting: the clock and the "ticks" it uses to keep time will sometimes run faster or slower. Virtual servers misconfigured for time synchronization have been seen that were off by several hours. Most time synchronization clients will have a limit on how much the time may differ from the NTP source and still synchronize. Some systems are set for no more than 15 minutes, 1 hour, or 15 hours, or even synchronize no matter the time difference; such a limit may also prevent synchronizing because the time has drifted too much since the last sync.
The time service (w32time) running on Windows Servers and Domain Controllers is well capable of keeping time very accurate on a physical machine, with default syncs being done every 45 minutes until 3 successful syncs, then every 8 hours. (info on w32time registry settings here) The time service on Domain Controllers also functions as the time server for all clients in the domain, so do not simply disable this service just because you do not need the client functionality!
So basically we need to ensure that our virtual Domain Controllers, and especially our DC with the PDC FSMO role, are always synchronized perfectly; otherwise we risk problems with authentication throughout the domain.
When I use FileZilla to connect to my FTP I get an error like this:
Response: 200 PORT command successful. Consider using PASV.
Error: Connection timed out
Error: Failed to retrieve directory listing
If you have a similar problem with FileZilla, and the problem persists even when the Windows Firewall is disabled, here is what you need to do:
Open FileZilla, go to Edit -> Settings
Click on Connection -> FTP: Choose Active
Click on Connection -> FTP -> Active Mode: Select "Ask your operating system for the external IP address"
Click on Connection -> FTP -> Passive Mode: Choose Fall Back to Active Mode
Try connecting to your FTP site once again.
When sending a fax by email through the XMediusFAX server, if the document received by the other party appears blurry or low-resolution, the resolution, diffusion and pixelation settings need to be tuned on the server.
1) Go to XMediusFAX > Sites > Your Site > Configuration > General Settings > Properties > Rasterization Options. For Halftoning, select Error Diffusion (Floyd-Steinberg).
2) Go to XMediusFAX > Sites > Your Site > Configuration > Profiles > Properties of the profile you are having problems with > Fax Options. Under Resolution, set Default: Fine and Maximum: Ultra Fine.