SaaS

DCI

   

Description

Users are seeing a certificate error page instead of the WebTitan block page when visiting a website that is blocked by their filtering policy. 


Cause

The WebTitan SSL block page certificate on https://wtc2.webtitancloud.com/ is being updated to a 4096-bit format on June 14th, 2022. This update improves security, provides increased encryption strength and conforms to new standards required for some browsers and operating systems.


The WebTitan SSL block page certificate is used when a user visits a website that has been blocked by a filtering policy applied by their organization. WebTitan presents the block page using this certificate, which the user’s browser trusts.  


If you have not deployed the new 4096-bit certificate, after June 14th your users will still be filtered by WebTitan, but they will not see a block page if they visit a blocked HTTPS website. Instead, they will see a certificate error page.


Solution

If you previously deployed a WebTitan SSL certificate to your endpoints, you will need to deploy the new 4096-bit format certificate before June 14th to display block pages without certificate errors. You can update certificates at any time; old and new certificates can coexist without any issue.

  • Download the new WebTitan SSL certificate from this link. If you see a browser warning, select Discard.
  • See here for documentation on manually updating certificates in common browsers. 
  • Please refer to Microsoft's documentation for information on deploying certificates using Group Policy or Microsoft Intune.

The new WebTitan SSL block page certificate will become active on June 14th, 2022. Your current certificate will be inactive after this date.
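
To confirm that a Windows endpoint already has the new certificate before the cutover, the following added example (not WebTitan's own tooling) lists matching certificates in the trusted root stores and reports their RSA key size. It assumes the certificate subject contains "WebTitan" and that the certificate was deployed to the Trusted Root Certification Authorities store; adjust both to match your deployment.

```powershell
# Added example: audit an endpoint for the WebTitan block page certificate.
# ASSUMPTION: the subject contains "WebTitan". Check the subject of the
# certificate you downloaded and change $SubjectPattern if it differs.
param(
    [string]$SubjectPattern = '*WebTitan*',
    [int]$RequiredKeyBits = 4096
)

$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

# ASSUMPTION: the certificate was deployed to a trusted root store
# (machine-wide via Group Policy/Intune, or per-user by manual import).
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $SubjectPattern } |
        ForEach-Object {
            $rsa  = $rsaExt::GetRSAPublicKey($_)    # $null when the key is not RSA
            $bits = 0
            if ($rsa) { $bits = $rsa.KeySize }
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                KeyBits    = $bits
                NotAfter   = $_.NotAfter
            }
        }
}

# Old and new certificates can coexist, so list every match.
$found | Format-Table -AutoSize | Out-Host

$current = $found | Where-Object {
    $_.KeyBits -ge $RequiredKeyBits -and $_.NotAfter -gt (Get-Date)
}

if ($current) {
    Write-Output "OK: ${RequiredKeyBits}-bit certificate is installed."
    exit 0
} elseif ($found) {
    Write-Output "ACTION: only older certificate(s) found; deploy the ${RequiredKeyBits}-bit certificate."
    exit 1
} else {
    Write-Output "ACTION: no matching certificate found in the trusted root stores."
    exit 2
}
```

The exit code (0, 1 or 2) lets the script run as a compliance check from an endpoint management tool; endpoints returning 1 or 2 will show a certificate error instead of the block page after the cutover.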


Further Info

WebTitan OTG 1 & OTG 2 

  • To ensure users running OTG 1 continue to see their block page, you should deploy an updated certificate to their endpoint, as OTG 1 will not automatically fetch it. 
  • OTG 2 endpoints do not require any action; they will automatically fetch the new certificate.
  • If you have both OTG 1 & OTG 2 endpoints running together in your environment, you can deploy the updated certificate to both - this will not cause any issue.