We recommend that you install the Smoothwall Filter and Firewall self-signed certificate authority on client devices because for the Smoothwall Filter to see the content of HTTPS websites, the web proxy engine has to decrypt the content. When the proxy has checked the content, it then re-encrypts the traffic and sends that to the client.
When the proxy re-encrypts the traffic, it uses a new certificate created using the self-signed certificate authority installed on the Smoothwall Filter and Firewall.
When the client device receives HTTPS traffic, the it checks if the certificate used for the encryption is created by a trusted certificate authority. If the certificate is not created by a trusted certificate authority, the it generally issues a warning showing this or completely rejects the traffic.
To avoid those errors, the client device needs to trust the self-signed certificate authority used by the proxy to create the interim certificates that the HTTPS inspection use.
One term that is used to describe the HTTPS inspection process is “Man-in-the-middle attack”. While the traffic is in transit between the client and the web server, the proxy decrypts and then re-encrypts the traffic.