If the Smoothwall Filter and Firewall is blocking a HTTPS website due to an invalid certificate but when you bypass the Smoothwall Filter and Firewall, the site loads fine in your web browser, the trusted certificate authority list on the Smoothwall Filter and Firewall doesn't contain the certificate authority that created the certificate used by the web server. You can find the Smoothwall trusted certificate authority list on the Certificate Authorities page.
There are multiple ways to address this:
1: Bypass the HTTPS inspection for the web domain showing the error.
Add the website domain to a “Do not inspect” rule in the Guardian - HTTPS Inspection - Manage policies section. If this approach is taken, be aware that the site is no longer subject to HTTPS inspection so the content of the site can no longer be seen by the Smoothwall web filter.
2: Import the certificate authority that created the certificate for the domain into the Smoothwall trusted certificate authority list.
When accessing the website without going through the Smoothwall, investigate the certificate and check the certificate authority:
Here we see the certification tab in the windows certificate inspection dialog box. This shows that the certificate used by BBC is verified by GlobalSign. Sometimes, you will see multiple certificate authorities like in the above example.
When you compare the certificate authority name here, with the names listed on the Smoothwall installed certificate authorities list, you should be able to identify the one missing from the Smoothwall list.
Once you have found the missing certificate authority, select it in the windows certificate dialog box and click View certificate. A new dialog box opens with the details of the certificate authority. Click the Details tab and there you will find a “Copy to File” option.
Copy the certificate authority to a file in the .cer format as shown in the options dialog box and then import it to the Smoothwall trusted certificate authorities in the System - Certificates - Certificate Authorities.
Once the new certificate authority has been imported, close the webpage and then try to access it again through the Smoothwall web filter.