1 Reply Latest reply on Aug 27, 2015 1:15 AM by lnurmi

    Certificate error in various sites to enable Deep Inspection

    iurycarvalho

      Hello guys,

      I have a problem on a client that is bothering me for a long time .
      Every time I enable the Deep Inpsection and Decryp the HTTPS protocol , users receive multiple certificate problems at several different sites , some quite ordinary as facebook and linkedin , have experienced export certificates for SMC however it is not that the problem .

      As a result, when we enable the deep inspection , the user search for HTTPS certificates of validation own browser , or SMC ? Has anyone should any similar problem ?

      Thank you!

        • 1. Re: Certificate error in various sites to enable Deep Inspection
          lnurmi

          Hi,

           

          there's a longer writeup about how it works in the admin/product guide, but in short: when you do HTTPS decryption the firewall acts as man-in-the-middle TLS proxy, and presents its own certificate to users when they open https pages. The firewall creates this certificate with the Client Protection Certificate Authority that you have imported into or created in SMC and defined in firewall properties. The users machine must trust the Client Protection Certificate Authority or otherwise they get warnings about untrusted certificate each time.

           

          To avoid the warnings, you need to import the CA to client machines. Firefox has its own certificate store, other browsers like IE and Chrome generally use the Windows certificate store. In a managed environment the CA can usually be imported with group policy automatically.

           

          BR,

          Lauri