Messaging Gateway

  • 1.  Certificate Warning for end User by accessing on SPAM Quarantine

    Posted May 11, 2010 07:06 AM
    Hi there,

    I am wondering if there is a way to solve the certificate warning when a user accesses his own SPAM Quarantine.

    Do I need to create a self-signed certificate here:
    Certificates
    TLS & HTTPS Certificates Status Expiration
    No certificates specified.

    Or is it enough if I select "none specified" here?

    Control Center Settings
    Control Center Certificate
    User interface HTTPS certificate:
    Bounce attack prevention seed:


    My target is to avoid the certificate warning. All our users access their Personal quarantine internally.


    Thanks in advance.


  • 2.  RE: Certificate Warning for end User by accessing on SPAM Quarantine

    Posted May 11, 2010 09:00 AM

    Contonso,

         The best way to avoid this error is to install a valid self signed SSL certificate.

    Option #2

    Log into the command line interface and enable HTTP
    Change the URL in the Spam Quarantine settings to point at port 41080 http instead of 41443 https.


    Command to enable http:
    cc-config http --on


  • 3.  RE: Certificate Warning for end User by accessing on SPAM Quarantine

    Posted May 11, 2010 10:14 AM

    John, won't the user get a cert warning with a self-signed cert? IE/Firefox etc. will not trust a self-signed cert. Also, while switching to HTTP will eliminate the need for a cert, won't it then pass the user's login credentials (which will be his company LDAP id/password) in the clear?


  • 4.  RE: Certificate Warning for end User by accessing on SPAM Quarantine

    Broadcom Employee
    Posted May 11, 2010 01:57 PM

    We do not consider clicking the 'View' link in the notification emails a security risk. Please see this document:

    Title: 'No login credentials are asked when you click View link in the Quarantine Notification'
    Document ID: 2007151145979898
    Web URL: http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2007151145979898?Open&seg=ent



  • 5.  RE: Certificate Warning for end User by accessing on SPAM Quarantine

    Posted May 11, 2010 03:04 PM

    When does auth happen? You need to enable LDAP auth to enable per-user quarantines. The link on the Quarantine setup includes https://host:41443/brightmail. I'm asked for my AD ID & password and restricted to just viewing my quarantine.

    SBG 9.0
    LDAP with CC Auth enabled
    Spam/Quar settings - unchecked .


  • 6.  RE: Certificate Warning for end User by accessing on SPAM Quarantine

    Broadcom Employee
    Posted May 11, 2010 03:10 PM
    The document I sent was talking about the 'view' link, not the link to the login URL.

    Even if you were to just use HTTP to log in to the interface, that LDAP query is sent in plain text.


  • 7.  RE: Certificate Warning for end User by accessing on SPAM Quarantine

    Posted May 11, 2010 04:01 PM
    Jdavis: Even if you were to just use HTTP to log in to the interface, that LDAP query is sent in plain text.

    What LDAP Q? The encryption of the LDAP query should be between the SBG and the LDAP source, and SBG 9 can encrypt that via SSL/LDAP.

    If the user login page is HTTP, is the forms data between the user and the SBG box encrypted?


  • 8.  RE: Certificate Warning for end User by accessing on SPAM Quarantine

    Broadcom Employee
    Posted May 11, 2010 04:13 PM

    If he was encrypting the data between his LDAP server and the Appliance he would already have an SSL certificate.

    None of that data would be encrypted.