WebInspect 10 and expired certs (602 Views)
Occasional Visitor
Posts: 2
Registered: ‎05-16-2013
Message 1 of 3 (602 Views)

WebInspect 10 and expired certs

Does WebInspect not connect to web servers that have expired certs?  I can access via browsers after clicking through the expired cert warning, but WebInspect will not.


In the profiler, it says "An error has occurred during the profiling of the targeted server.  Server profiler failed to connect to the target host."


If I click "next" then "Scan" the Scan Log reports "Connectivity Issue, Reason:FirstRequestFailed, Server xxx.com, Error:(10054)Unable to read data from the transport connection:  An existing connection was forcibly closed by the remote host.

Occasional Visitor
Posts: 2
Registered: ‎05-16-2013
Message 2 of 3 (600 Views)

Re: WebInspect 10 and expired certs

Also, if I run WebInspect through Burp, it works like a champ since Burp's cert hasn't expired.

Esteemed Contributor
Posts: 680
Registered: ‎07-01-2008
Message 3 of 3 (572 Views)

Re: WebInspect 10 and no connectivity on first request

Unlike a user's browser interface, WebInspect does not stop for anything like simple errors, expired certs, or insecure/secure content.  It just goes.


Since this is a connectivity error, have you checked the Proxy settings for your scan settings?  The default setting are to steal the proxy configuration from IE, but one detail it cannot take is any entered user credentials.  You may need to change WebInspect's Proxy to "Explicitly Configured" and fill out the necessary proxy details and credentials there.  I find that if I can get Firefox configured for the upstream network proxy, then those settings will work fine once transferred to WebInspect.  Be aware that WebInspect has two Proxy settings areas, one for Scan Settings and one for Application Settings (for updates and such).


One area that expired or self-signed certificates might give WebInspect trouble is when they are part of the recorded sessions in the Login Macro you may have recorded.  I generally will mark those sessions as Optional so they do not foil the macro playback, just in case they do not reappear.

-- Habeas Data
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.