Saturday, September 14, 2019

Sohpos SSL Certificate Installation guide

Posted on    

Overview

When SSL content inspection for HTTPS traffic is enabled on Sophos Firewall, the web browsers prompt a warning message if the Certificate Authority (CA) for the certificate used by the Sophos Firewall SSL inspection is not known by the browser. To fix this, you need to import SSL Proxy certificate into browsers or decryption on SSL Inspection.
Image result for sophos certificate
All Sophos firewalls are shipped with an SSL CA Certificate which is used in HTTPS Deep Scan Inspection. This article describes how you can download the SSL CA Certificate and install it into your local browser and machine.

Configuration

To download and install the Certificate in your browser and local machine, follow the steps below.
Download and extract the certificate to your local machine 
Install the certificate in your web browser 
Internet Explorer
  1. In the Menu Bar, click Tools > Internet Options to display the Internet Options window.
  2. Switch to the Content tab and, under the Certificates section, click Certificates to display the Certificates Window.
  3. Switch to the Trusted Root Certification Authorities tab and click the Import button to start Certificate Import Wizard.
  4. Import the Certificate downloaded in step 1 using this wizard.   
Firefox
  1. In the Menu Bar, click Tools > Options to display the Options window.
  2. Switch to the Advanced tab and then select the Certificates tab. 
  3. Click View Certificate to display the Certificate Manager window.
  4. Switch to the Authorities tab and click Import.
  5. Select the Certificate downloaded in step 1 and click Open
  6. In the Downloading Certificate window, select Trust this CA to identify websites and click OK.
Google Chrome
  1. To the right of the Address Bar, click on Customize and control Google Chrome button and click Settings.
  2. Click Show advanced settings and scroll down to HTTPS/SSL.
  3. Click Manage Certificates... to display the Certificates window.
  4. Switch to the Trusted Root Certification Authorities tab and click the Import button to start Certificate Import Wizard.
  5. Import the Certificate downloaded in step 1 using this wizard.
Safari
  1. Download the SSL CA Certificate as shown in step 1.
  2. Once downloaded, double-click the Certificate. This launches Keychain Access and displays a Certificate Not Trusted warning.
  3. Click Always Trust to import the certificate into Login Keychain. 
Opera
  1. Click the Opera button on the top left corner of the screen and click Settings.
  2. Switch to the Privacy & Security tab.
  3. Under HTTPS/SSL, click Manage Certificates…to display the Certificates window.
  4. Switch to the Trusted Root Certification Authorities tab and click the Import button to start the Certificate Import Wizard.
  5. Import the Certificate downloaded in step 1 using this wizard.

Install the Certificate in the local machine’s Trusted Root Authority container

Windows
  1. Open the Microsoft Management Console by typing "MMC" in the "Run" box.
  2. Open Add or Remove Snap-ins by selecting FILE > ADD/REMOVE SNAP-IN...
  3. Select Certificates from the list and click Add to display the Certificates Snap-in window.
  4. Select the Computer Account and click Next.
  5. Click Finish and close the list of snap-ins.
  6. Click OK to add the certificates snap-in, which should now be visible in the Add/Remove Snap-ins window.
  7. Expand the list of certificate containers, right click Trusted Root Authorities and choose All Tasks > Import to start Certificate Import Wizard.
  8. Import the Certificate downloaded in step 2 using this wizard.
Macintosh
  1. Download the SSL CA Certificate as shown in step 1.
  2. Once downloaded, double-click the Certificate. This launches Keychain Access and displays a Certificate Not Trusted warning.
  3. Click Always Trust to import the certificate into Login Keychain.
Share: