Support Center > Search Results > SecureKnowledge Details
How to update the Trusted Certificate Authorities (CAs) list for HTTPS Inspection and HTTPS Categorization Technical Level
Solution

An important part of the HTTPS Inspection support is the validation of the server's certificate. This validation requires validating the signing Certificate Authority (CA) of the server certificates.

Note: when HTTPS Categorization (aka. HTTPS Light) is enabled, the trusted CA list is also used.

Security Gateway with enabled HTTPS Inspection has a built-in predefined list of trusted CAs, based on the Microsoft updates TrustedCA list.

Updates will be released from time to time based on changes in the recommended CA list.

To perform a manual update of Trusted CAs using an R81.X or R80.X Management Server:

  1. Open SmartConsole.

  2. Go to Manage & Setting.

  3. Select Blades.

  4. Below Configure HTTPs Inspection, click Configure in SmartDashboard.

  5. Click on the Trusted CAs section.

  6. At the top, click Actions - select Update certificate list... - browse for the ZIP file with certificates - click Open.

  7. Install policy on the Security Gateways.

To perform a manual update of Trusted CAs using an R77.X Management Server:

  1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

  2. Go to the Application & URL Filtering tab.

  3. Expand the Advanced section.

  4. Expand the HTTPS Inspection section.

  5. Click on the Trusted CAs section.

  6. At the top, click Actions button - select Update certificate list... - browse for the ZIP file with certificates - click Open

  7. Install policy on the Security Gateways.

To enable automatic update checks for Trusted CAs using an R81.X or R80.X Management Server:

Note: updates are only checked automatically; they must be installed manually.
    1. Connect with SmartDashboard to the Security Management Server / Domain Management Server.

    2. Go to the Application & URL Filtering tab.

    3. Expand the Advanced section.

    4. Expand the HTTPS Inspection section.
    5. Click the Trusted CAs section.

    6. At the bottom of this page, check the box Notify when a Trusted CA and Blacklist update file is available for installation.
      If there is an available update, then this message appears: "A Trusted CA and Blacklist update has been downloaded"

    7. Click Install now.

    8. Install policy on the Security Gateway.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment