Issues with speed or validation of HTTPS site certificates can be caused by the certificate authority lists being blocked from updating. This article explains how to whitelist them.
Experiencing a lot of issues with HTTPS sites such as slow loading or the browser claiming that valid certificates are invalid.
Browsers use publicly available certificate authority lists to validate HTTPS certificates from various parties. These certificate authority lists are updated regularly and browsers will automatically update their certificate stores if they have access to the CRL/SSL sites.
In order to make sure all browsers can reach those list and update their certificate store, ensure the following rule is in place on your Guardian configuration:
- Go to Web proxy > Authentication > Exceptions.
- Add the SSL / CRL category to the authentication exceptions see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/authexceptions.htm
- Click Save.
- Go to Guardian > Web filter > Policy Wizard.
- Create new policy that has the following:
- Step 1: Who = Everyone
- Step 2: What = SSL / CRL
- Step 3: Where = Everywhere
- Step 4: When = Always
- Step 5: Action = Whitelist
- Confirm and Save this new policy see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/filteringpolicywiz.htm.
- Move the policy above any block rules https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/policies.htm.
This will enable the certificate revocation check to work correctly for all applications.