Ensure that Web Gateway does not use SHA-1 in the SSL scanning settings (use SHA-256 instead). If you migrated from older Web Gateway versions to newer Web Gateway versions, this setting is not updated automatically.
- Log on to the Web Gateway user interface.
- Navigate to Policy, Settings, Engines, SSL Client Context with CA.
- For all settings containers for SSL Client Context with CA:
- From the Digest drop-down list, select sha256.
- From the RSA server key size drop-down list, select 2048.
In addition, if the Certificate Authority (CA) used in Web Gateway was signed using SHA-1, consider replacing it soon. Currently web browsers display a warning only if the web server certificate is signed using SHA-1. But, the same issue might happen eventually for CA certificates signed using SHA-1.
