This document describes the problem encountered where Windows Live Messenger does not work when the default action is set to Decrypt and authentication is disabled.
Authentication disabled Default action for HTTPS traffic is configured to 'Decrypt' in 'Decryption policies' Decryption for AVC traffic enabled
Windows Live Messenger login does not work.
If we are using a self signed or self generated certificate on the Cisco Web Security appliance (WSA), then Windows Live Messenger would not trust this certificate. Hence when WSA decrypts the traffic using its certificate, the messenger closes or resets the connection resulting in login/access failure.
Typically, Windows Live Messenger should trust the certificates installed in the Internet Explorer (IE) certificate store.
Please install the certificate from WSA on the client machine and once installed, the Windows Live Messenger should be able to connect.
Please use the following steps to install the certificate from the WSA on client machine
Under Security Services ---> HTTPS Proxy ---> Edit Settings, please download the certificate from the WSA.
Rename the certificate extension from .pem to .txt.
Open the .txt file using an appliance like Notepad. Select all the contents in the .txt file.
Open a new Notepad file on the client machine. Paste the contents selected in Step 3.
Save the file as ".cer" file.
Right click the ".cer" file and select the "Install Certificate" option.
After the certificate is installed on the client machine, close and restart the Windows Live Messenger.