This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.
Smoothwall may block a website and mention certificates as the Reason on the Block page. This can be for a variety of reasons, such as:
- The server provider is using a "self-signed" certificate, so Smoothwall can’t verify that the information it contains is correct.
- The certificate is signed by a Certificate Authority (CA) unknown to Smoothwall, so it can’t ensure that the certificate is signed correctly or that the information it contains is correct.
- The certificate is not valid. It may be out of date, for the wrong domain, considered insecure, or may have been revoked by the signing CA.
In most cases you should not bypass this block. If you are sure you must have access, you can either bypass the HTTPS inspection or import the CA.
Option 1: Bypass HTTPS inspection for the domain
Using this method, Smoothwall will not check the site for issues with the Certificate. This means if the site is replaced with an unsafe site, the new site won’t be blocked.
Note that this will also prevent Content modification policies, Content-based Filtering and Safeguarding Reporting from working on the site.
To bypass HTTPS inspection, add the domain to a HTTPS Inspection Policy with the Action of Do not inspect.
Option 2: Import the CA
This method adds the CA that created the certificate for the domain to the list of Smoothwall's trusted CAs. This means anything this CA signs will also be trusted, which may not be limited to only this site.
- Access the website without going through Smoothwall.
- Investigate the certificate and check the CA.
- To identify the missing CA, compare the CA in the inspection with the list in System > Certificates > Certificate authorities.
- Copy the missing CA to file.
- Return to the System > Certificates > Certificate authorities page.
- In the Import Certificate Authority certificate section, select Choose file.
- Select the file and Import.