Jump to content


Photo

How to push out SSL certificates?

SSL Inspection https

  • Please log in to reply
5 replies to this topic

#1 Aaron Albrecht

Aaron Albrecht
  • Members
  • 9 posts

Posted 13 August 2015 - 10:22 AM

I have a stupid question; I have a 610 web filter and I'd like to enable SSL Inspection but don't know how to push out the SSL certificate from Barracuda.  Is this something done within Barracuda, if so, where?  Or is this via GPO, and where can I get instructions on how to do this?  If I can push out the SSL certificate will this work with any web browser on the client machines?  If I'm using a self-signed certificate will users get a warning about the certificate since it's not signed by a trusted authority?

 

Sorry for all of the questions, but I don't want to push out a certificate that gives everyone a scary warning message every time they hit a site using https.



#2 John

John
  • Members
  • 131 posts
  • LocationChicago

Posted 13 August 2015 - 10:53 AM

Use Group Policy for Windows boxes. Link: https://technet.microsoft.com/en-us/library/Cc770315(v=WS.10).aspx

 

Use a MDM solution to push certs to mobile devices. Barracuda Networks offers a free MDM solution.



#3 Aaron Albrecht

Aaron Albrecht
  • Members
  • 9 posts

Posted 13 August 2015 - 01:12 PM

Thanks that seems to be working, except do you still get a security warning from Firefox?  IE and Google seem to use the certificate with no problem, but Firefox is spitting out it's usual SSL warning message.



#4 John

John
  • Members
  • 131 posts
  • LocationChicago

Posted 14 August 2015 - 11:41 AM

Thanks that seems to be working, except do you still get a security warning from Firefox?  IE and Google seem to use the certificate with no problem, but Firefox is spitting out it's usual SSL warning message.

 

I don't think Firefox uses the certs installed into the Windows cert store. I found this link. https://addons.mozilla.org/en-us/firefox/addon/gpo-support-for-firefox-and-th/

 

I'm not sure if you could trust it or not. Chrome uses the Windows cert  store...



#5 Aaron Albrecht

Aaron Albrecht
  • Members
  • 9 posts

Posted 18 August 2015 - 09:39 AM

What would be the easiest way to deploy the SSL certificate to all Firefox browsers? 



#6 John

John
  • Members
  • 131 posts
  • LocationChicago

Posted 18 August 2015 - 11:08 AM

What would be the easiest way to deploy the SSL certificate to all Firefox browsers? 

 

You would have to find a ADMX file that allows you to control FireFox via a GPO. I included a link about that hosted the ADMX file. Here is something else I found using Javascipt.

 

http://lmgtfy.com/?q=deploy+certificaties+firefox

 

Click the first link.