Our MWG device has enabled the SSL scanning function, and the client needs to import the CA certificate to access the HTTPS site normally. I would like to ask, how does MWG handle the client's request to access the https site? Are there the private keys of these https servers on MWG?
MWG acts as a "Man in the middle" here. You configure a CA on the MWG and provide the private key for this CA. With the CA MWG is now able to create server certificates.
When you go to https://www.google.com MWG connects to www.google.com, obtains the original certificate from Google, copies some attributes (such as Common Name and Subject Alternative Names) from it and checks if the certificate is valid.
Then MWG creates a new server certificate with these values, signs it with the CA you have configured and submits this certificate as the certificate for this connection to the browser. The browser sees the certificate, sees it is signed by the CA you imported, and since the CA is trusted in the browser the certificate is accepted.
Now you have the connection between client and MWG signed with the certificate MWG created and the connection between MWG and the server is signed with the original certificate from Google.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.