Issues with speed or validation of HTTPS site certificates can be caused by the certificate authority lists being blocked from updating. This article explains how to whitelist them.
Experiencing a lot of issues with HTTPS sites such as slow loading or the browser claiming that valid certificates are invalid.
Browsers use publicly available certificate authority lists to validate HTTPS certificates from various parties. These certificate authority lists are updated regularly and browsers will automatically update their certificate stores if they have access to the CRL/SSL sites.
To make sure all browsers can reach those list and update their certificate store, ensure the following rule is in place on your configuration.
Procedure
- Create an authentication exception for the SSL / CRL category, see our help topic, Creating authentication exceptions.
- Create a whitelist web filter policy with these settings, see our help topic, Creating web filter policies:
- Who = Everyone
- What = SSL / CRL
- Where = Everywhere
- When = Always
- Action = Whitelist
- Make sure that you move the policy above any block rules, see our help topic, Managing web filter policies.
This enables the certificate revocation check to work correctly for all applications.