This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.
When HTTPS inspection is enabled, users with Bring Your Own (BYO) device clients may see a browser warning about a Man-In-The-Middle (MITM) attack.
Smoothwall can’t use the site’s real certificate, so it uses the MITM Certificate Authority (CA) to create a new certificate for the site. The browser shows the warning until the device trusts that CA.
- For school-owned devices, you can deploy the certificate automatically using Active Directory Group Policy or the Google Admin Console.
- For Bring Your Own (BYO) devices, the device owner must install the CA on their device. Instructions on how to do so are below.
For security reasons, Smoothwall can’t automatically detect whether the BYO device needs the CA and can’t redirect to the page to install it. However, if your devices display a splash screen when opening a browser (often used for logging in or accepting T&Cs), consider adding a link to the getcert page from there.
To download and install the certificate:
- Open a browser.
- Go to http://X/getcert (replace X with your Smoothwall’s IP address or hostname).
- Select DOWNLOAD Certificate.
- Below the DOWNLOAD Certificate button, you’ll see instructions for installing and trusting the certificate on some of the most common devices.
- If your device isn't listed, refer to the instructions for your device on how to install a new standard CA.
- If you have any issues, contact your organisation's IT support.
Image 1: The getcert page.
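The getcert page is fetched over plain HTTP, so the download alone cannot prove the file is your organisation's CA. The script below is an added example, not Smoothwall's own tooling: it checks a downloaded file against a SHA-256 fingerprint obtained separately from IT support before the CA is trusted. It assumes `openssl` is installed, that the file is PEM-encoded, and that IT support publishes the fingerprint; the function names and the throwaway sample CA are constructed for illustration.

```shell
# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Return 0 only if the file is a CA certificate whose fingerprint equals the
# value obtained out-of-band (assumption: IT support supplies it).
verify_ca_cert() {
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(cert_fingerprint "$1")
    [ -n "$actual" ] || { echo "not a readable PEM certificate: $1" >&2; return 2; }
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' ||
        { echo "certificate is not marked as a CA" >&2; return 3; }
    [ "$actual" = "$expected" ] ||
        { echo "fingerprint mismatch: got $actual" >&2; return 1; }
    echo "fingerprint matches: $actual"
}

# Constructed sample input: a throwaway self-signed CA standing in for the
# downloaded file, so the example runs offline.
make_sample_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Sample CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_ca "$tmp"
published=$(cert_fingerprint "$tmp/ca.pem")   # stands in for the value IT publishes
verify_ca_cert "$tmp/ca.pem" "$published"
verify_ca_cert "$tmp/ca.pem" "$(printf '%064d' 0)" || echo "rejected as expected"
```

In real use, call `verify_ca_cert` with the path of the downloaded file and the fingerprint IT support gave you, and install the CA only if it returns 0.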
Once the certificate is installed, when users try to access HTTPS websites, they’ll see a warning page informing them that their communication with the site is being monitored.
- You can change the frequency and wording of the message.
- Users must accept the message to be able to access the website.
Smoothwall then applies your Web Filter and Content Modification policies so users can access the website or see a Block page.
Image 2: The HTTPS warning message.