Support Center > Search Results > SecureKnowledge Details
How to update list of Trusted CA for HTTPS Inspection
Solution

An important part of the HTTPS Inspection support is the validation of the server's certificate. This validation requires validating the signing CA of the server certificates.

Security Gateway with enabled HTTPS Inspection has a built-in predefined list of trusted CAs, based on the Mozilla/LibCurl TrustedCA list.

Updates will be released from time to time based on changes in the recommended CA list.

  • To perform a manual update of Trusted CAs on Security Gateway:

    1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

    2. Go to Application & URL Filtering tab.

    3. Expand the Advanced section.

    4. Expand the HTTPS Inspection section.

    5. Click on the Trusted CAs section.

    6. At the top, click on Actions button - select Update certificate list... - browse for the ZIP file with certificates - click on Open

    7. Install policy on the Security Gateways.

  • To perform an automatic update of Trusted CAs on Security Gateway:

    Note: This option is available starting in SmartDashboard R75.40.

    1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

    2. Go to Application & URL Filtering tab.

    3. Expand the Advanced section.

    4. Expand the HTTPS Inspection section.

    5. Click on the Trusted CAs section.

    6. At the bottom of this page, check the box Notify when a Trusted CA and Blacklist update file is available for installation.

      Note: This option is selected by default. Updates for the trusted CA list and Blacklist are automatically downloaded to the Security Gateway. You are notified if there is an available update. If you clear this checkbox, you disable the automatic updates.
    7. If there is an available update, then a message will appear in this area ("A Trusted CA and Blacklist update has been downloaded") - click on Install now button:

    8. Install policy on the Security Gateways.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment