WebInspect 16.20 - SSL Error issue
I am using HP webInspect 16.20 for scanning an application in a Client's environment.
After initiating the scan, I am getting facing the below error in the profiling page-
"SSL Configuration failed when trying to connect to target host."
ON clicking next and subsequently starting the scan,
Please note- since its a client's environment, we have to set up the network proxy too(which we have done). Still, I am unable to start the scan successfully.
Please help how to mitigate this error.
Thanks in advance!
Are you supposed to route SSL traffic to one network proxy, but HTTP traffic to a different network proxy? You will need to investigate their proxy connection details further. Does it require authentication, such as NTLM? Just because "it works in MSIE" does not mean NTLM auth is not being used, as some proxies (Microsoft ISA, et al) will automatically steal the current Windows OS user's credentials to authenticate through the proxy. 😞
I never trust MSIE in these cases, as Group Policies can get involved. Instead, I use Firefox, as any proxy configuration I can identify for Firefox will work in WebInspect. If you are not permitted to install an alternative browser, we have one for you! Make a copy of C:\Program Files\HP\HP WebInspect\browser\ and move it elsewhere such as C:\Program Files\HP\browser\, then launch browser.exe from within that copied folder.
Furthermore, insert a running copy of the included Web Proxy, or even BURP, and configure WebInspect to use Web Proxy as its scan proxy, and configure Web Proxy with the network proxy as its up-stream proxy. This configuration will expose the traffic and errors that are occurring. If this does not help, see what Ethereal (or Wireshark) exposes when you attempt the SSL connection.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify