However, because the traffic has been decrypted, the browser cannot use the original site
certificate to authenticate the connection. The appliance therefore replaces the original certificate
with one that it generates automatically using a Sophos-generated certificate authority. For browsers
to accept the replacement certificate, you must download the Sophos-generated certificate authority
and install it in your users’ browsers. This can be done as a centralized system administration
operation using Group Policy Objects.
Note: For more information, see the knowledgebase article Installing the Sophos-Generated
Certificate Authority in Your Users’ Browsers.
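Why the certificate authority has to be installed in the browsers, shown as an added example that is not part of the Sophos documentation: the script uses the openssl command-line tool to build a stand-in appliance CA, issue a replacement certificate for a site, and check that certificate against a trust store before and after the CA is added. The CA names, `www.example.com` and the helper functions are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Every name is constructed: "Demo Appliance CA" stands in for the
# Sophos-generated certificate authority, "Demo Public CA" for a CA that browsers
# already trust. Requires the openssl command-line tool.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME BASE: create a self-signed CA certificate and key in $WORK/BASE.*
make_ca() {
    cat > "$WORK/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $1
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/$2.cnf" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.pem" 2>/dev/null
}

# issue_leaf SITE BASE: issue a certificate for SITE from the given CA, as the
# appliance does when it replaces the original site certificate.
issue_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -config "$WORK/$2.cnf" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 -CA "$WORK/$2.pem" \
        -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/leaf.pem" 2>/dev/null
}

# browser_accepts STORE: succeeds only if the leaf chains to a CA in STORE.
browser_accepts() {
    openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}

make_ca "Demo Public CA" public
make_ca "Demo Appliance CA" appliance
issue_leaf "www.example.com" appliance

cp "$WORK/public.pem" "$WORK/store.pem"         # trust store before the CA is installed
if browser_accepts "$WORK/store.pem"; then before=accepted; else before=rejected; fi
cat "$WORK/appliance.pem" >> "$WORK/store.pem"  # administrator installs the appliance CA
if browser_accepts "$WORK/store.pem"; then after=accepted; else after=rejected; fi

issuer=$(openssl x509 -in "$WORK/leaf.pem" -noout -issuer)
echo "before install: $before; after install: $after; $issuer"
```

The issuer line is what a user sees when inspecting the certificate of a scanned HTTPS site: the issuing CA is the appliance's, not the one that signed the site's original certificate.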
In greater detail, here is how the Web Appliance handles HTTPS scanning:
You, the administrator, download the Sophos certificate authority from the Web Appliance and install it in your users’ browsers.
The user requests a secure web page through the Web Appliance.
The secure site and the Web Appliance negotiate a secure connection.
214 | Appliance Behavior and Troubleshooting | Sophos Web Appliance