Users may see a Transport Layer Security (TLS) or handshake error when accessing HTTPS websites, if you apply filtering using Smoothwall On-Premise Appliance. Depending on their browser and configuration, they may or may not be able to bypass the error.
You can prevent these errors from showing and allow all users to access HTTPS website by trying each of the steps in this article.
Tip
If the user sees a Block page instead, you can check why the website or URL is blocked.
Step 1: Check the URL
If the URL contains an IP Address, add it to a Transparent Web Proxy authentication policy.
Step 2: Try clearing the certificate cache
Clear your certificate cache in case your Smoothwall is using an older certificate to connect over HTTPS.
Important
You must only clear the certificates cache out of hours as it will restart the Web Filter.
- In Smoothwall On-Premise Appliance, go to Guardian > HTTPS inspection > Settings.
- In the Manage HTTPS interception certificates section, select Clear and restart.
Step 3: Check the website host’s server
If the website’s server only supports TLS 1.0, 1.1 or 1.3 and doesn’t support TLS 1.2 (used by Smoothwall), it may cause a TLS handshake error for users.
- Use an SSL server test tool (such as SSL Labs) to check what the upstream web server is using and what protocols are supported.
- If TLS 1.2 is not supported, create a Do not inspect HTTPS Inspection policy for the server IP addresses.
Important
Allowing access means HTTPS Inspection won’t apply to these websites, and your Web Filter Policies won’t filter them, which could allow users to access unsafe or distracting content.
Step 4: Contact Smoothwall Support
If you have tried steps 1, 2 and 3 but users still can’t access the website, contact Smoothwall Support.