Configuring RHEL / CentOS 6 & 7 with McAfee Web Gateway 🚫


You can probably follow these steps to configure your hosts with other corporate proxies that use self-signed certs, but keep in mind that I’ve only tested this with McAfee Web Gateway. Let’s begin! 💻

1.) Fetch McAfee’s self-signed CA certificate using openssl:

openssl s_client -connect google.com:443 -showcerts

This will return the entire certificate chain. The last certificate in the chain should be McAfee’s CA certificate. Copy the certificate to your clipboard, making sure to include “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”.

[Image: Certificate Format Example]

2.) Install the ca-certificates package if it’s not already installed:

sudo yum install ca-certificates -y

3.) Use your favorite text editor to create a new .crt file at /etc/pki/ca-trust/source/anchors/. You can name it whatever you like as long as you keep the .crt file extension. Paste in the CA certificate and save the file.

sudo vim /etc/pki/ca-trust/source/anchors/mcafee.crt

4.) Enable dynamic CA configuration:

sudo update-ca-trust force-enable

5.) Update your CA configuration:

sudo update-ca-trust extract

6.) Test it out 🙏…

wget: ✔️

[[email protected] ~]$ wget https://jacobboykin.com
--2017-10-02 14:35:17--  https://jacobboykin.com/
Resolving jacobboykin.com (jacobboykin.com)... 104.27.164.184, 104.27.165.184, 2400:cb00:2048:1::681b:a4b8, ...
Connecting to jacobboykin.com (jacobboykin.com)|104.27.164.184|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.1’
[ <=>                                                                                                                                       ] 11,946      --.-K/s   in 0.001s
2017-10-02 14:35:18 (9.46 MB/s) - ‘index.html.1’ saved [11946]
[[email protected] ~]$

git: ✔️

[[email protected] ~]$ git clone https://github.com/jacobboykin/jacobboykin.github.io.git
Cloning into 'jacobboykin.github.io'...
remote: Counting objects: 265, done.
remote: Total 265 (delta 0), reused 0 (delta 0), pack-reused 265
Receiving objects: 100% (265/265), 4.21 MiB | 2.27 MiB/s, done.
Resolving deltas: 100% (117/117), done.
[[email protected] ~]$ ll jacobboykin.github.io/
total 36
-rw-rw-r--. 1 jacob jacob  233 Oct  2 14:43 404.md
-rw-rw-r--. 1 jacob jacob  640 Oct  2 14:43 about.md
-rw-rw-r--. 1 jacob jacob   15 Oct  2 14:43 CNAME
-rw-rw-r--. 1 jacob jacob 2221 Oct  2 14:43 _config.yml
drwxrwxr-x. 2 jacob jacob   59 Oct  2 14:43 css
-rw-rw-r--. 1 jacob jacob 1150 Oct  2 14:43 favicon.ico
-rw-rw-r--. 1 jacob jacob 1430 Oct  2 14:43 feed.xml
drwxrwxr-x. 2 jacob jacob   99 Oct  2 14:43 fonts
drwxrwxr-x. 3 jacob jacob   96 Oct  2 14:43 images
drwxrwxr-x. 2 jacob jacob  135 Oct  2 14:43 _includes
-rw-rw-r--. 1 jacob jacob 3235 Oct  2 14:43 index.html
drwxrwxr-x. 2 jacob jacob   66 Oct  2 14:43 js
drwxrwxr-x. 2 jacob jacob   60 Oct  2 14:43 _layouts
drwxrwxr-x. 2 jacob jacob  140 Oct  2 14:43 _posts
drwxrwxr-x. 2 jacob jacob   88 Oct  2 14:43 _sass
-rw-rw-r--. 1 jacob jacob 7869 Oct  2 14:43 style-guide.md
drwxrwxr-x. 2 jacob jacob   24 Oct  2 14:43 tags
[[email protected] ~]$

npm: ✔️

[[email protected] ~]$ npm install express
/home/jacob
└─┬ [email protected]
  ├─┬ [email protected]
  │ ├─┬ [email protected]
  │ │ └── [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ ├── [email protected]
  │ ├─┬ [email protected]
  │ │ ├── [email protected]
  │ │ └── [email protected]
  │ ├── [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ ├── [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ ├── [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └── [email protected]
  ├── [email protected]
  └── [email protected]
npm WARN enoent ENOENT: no such file or directory, open '/home/jacob/package.json'
npm WARN jacob No description
npm WARN jacob No repository field.
npm WARN jacob No README data
npm WARN jacob No license field.
[[email protected] ~]$
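
An added example, not part of the original post: steps 1 and 3 scripted so that the last certificate in the chain is only written to the anchors directory when its SHA-256 fingerprint matches a value obtained out of band, since the chain in step 1 is fetched through the same proxy that is being trusted. The function names and the sample chain are constructed for illustration.

```shell
# Added example, not from the original post; all function names are hypothetical.

# Print only the last PEM block of `openssl s_client -showcerts` output (stdin).
last_cert() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { buf = ""; inside = 1 }
    inside                        { buf = buf $0 "\n" }
    /-----END CERTIFICATE-----/   { inside = 0; last = buf }
    END                           { printf "%s", last }'
}

# Reduce "SHA256 Fingerprint=AB:CD:..." (or a bare value) to upper-case hex.
norm_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same 64-hex-digit SHA-256 fingerprint.
fp_matches() {
  got=$(norm_fp "$1"); want=$(norm_fp "$2")
  [ "${#got}" -eq 64 ] && [ "$got" = "$want" ]
}

# Constructed s_client excerpt; PEM bodies are placeholders, not real certificates.
sample_chain() {
  cat <<'EOF'
Certificate chain
 0 s:/CN=www.example.test
-----BEGIN CERTIFICATE-----
LEAFPLACEHOLDERBODY
-----END CERTIFICATE-----
 1 s:/CN=Example Proxy CA
-----BEGIN CERTIFICATE-----
PROXYCAPLACEHOLDERBODY
-----END CERTIFICATE-----
---
Server certificate
EOF
}

# Steps 1 and 3 with a gate: install the anchor only when its fingerprint
# matches the value obtained out of band from whoever runs the proxy.
stage_proxy_ca() {  # usage: stage_proxy_ca <expected_sha256> <dest.crt>
  tmp=$(mktemp) || return 1
  openssl s_client -connect google.com:443 -showcerts </dev/null 2>/dev/null | last_cert >"$tmp"
  seen=$(openssl x509 -in "$tmp" -noout -fingerprint -sha256) || { rm -f "$tmp"; return 1; }
  if fp_matches "$seen" "$1"; then sudo install -m 0644 "$tmp" "$2"; rc=$?
  else echo "fingerprint mismatch, not installing: $seen" >&2; rc=1; fi
  rm -f "$tmp"; return "$rc"
}
```

Source the file and call `stage_proxy_ca` with the expected fingerprint and a destination such as /etc/pki/ca-trust/source/anchors/mcafee.crt, then continue with steps 4 and 5.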

If you have any trouble with other applications, you might need to set your proxy strings in your environment file:

sudo vim /etc/environment
http_proxy="http://user:[email protected]:port/"
https_proxy="http://user:[email protected]:port/"
ftp_proxy="http://user:[email protected]:port/"

That’s it - I hope this is helpful! 🔥


About Jacob Boykin

Jacob is a system administrator, web developer and musician based in Melbourne, Florida.

Melbourne, Florida https://jacobboykin.com
