This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.
For HTTPS inspection to work, users must install a valid certificate from Smoothwall onto their device. This article will explain how to change the certificate that can be downloaded, for example, if your existing one expires soon.
Before you begin
- Renew your Certificate Authority (CA).
- If you have a centrally managed Smoothwall configuration, ensure Smoothwall will add the parent node's HTTPS certificate to all child nodes:
- Go to System > Maintenance > Archives.
- For each Child node Replication profile, ensure the checkbox for Certificates under System is selected.
- Go to the bottom of the page and select Save.
- Repeat for all child nodes.
Change the certificate
- Go to Guardian > HTTPS inspection > Settings.
- Go to the Manage HTTPS interception certificates section.
- Change the Certificate Authority used to sign for certificates using the drop-down.
- (Optional) You can download the Certificate Authority by selecting Export.
- When a client browses to a HTTPS website that Smoothwall hasn't seen before, Smoothwall creates a certificate for the site, gives it to the client, and stores it in Smoothwall’s cache to be used by other clients visiting the website. If you have changed your root Certificate Authority, you can clear the cache of certificates by selecting Clear and restart.
Note
Clearing the cached certificates restarts Web Filter, so only do this out of hours.
- Select Save.