
Decrypt and Scan HTTPS invalidates HTTPS certificates

I suppose I need to better understand Decrypt and Scan HTTPS Malware Scanning. I noticed that when I browse an HTTPS site, the cert is replaced by the Sophos cert. So, my question is why, and how to troubleshoot. If I turn Decrypt off then all is fine.



  • This thread has been very informative! Thank you for taking the time with your explanations. I understand now why this is a challenge and how it can be done. However, I need this to be done on student mobile devices as well. As an elementary school we are required to provide filtered Internet (CIPA). How can we force the safe-search on mobile devices?

    ---

    Eric

  • Eric,

    SafeSearch can be enforced by enabling it under Web > Protection > Enforce SafeSearch.

    Mobile users will have the same behaviour. Mobile browser traffic will be intercepted by XG and firewall/filter rules will be applied.

  • Hi,

     

    SafeSearch requires HTTPS scanning

  • GonFreecs said:

    SafeSearch requires HTTPS scanning

     
    SafeSearch for Yahoo requires HTTPS scanning.
     
    SafeSearch for Google and Bing does not require HTTPS scanning. Those companies have provided a way of using DNS CNAMEs to enforce SafeSearch instead.
  • Hello,

     

    Sorry, I have been away. Between work and school, I have not had much free time to be as involved in the forums (taking a prep class to renew my CompTIA Security Plus cert / Ethical Hacking class).

    I did manage to re-download the cert from UTM and did get it installed on the Windows computers, and I think I installed it in a few of the locations where you can install a cert on Windows, and things are working.

    Again to everyone who was able to provide things to check as well as all the wonderful detail on the topic, I thank you all. I am glad to see the thread also of value to others.

    Sincerely Chad

  • We're talking about Sophos XG to implement safe search. For it to be implemented well you must enable HTTPS scanning; adding CNAMEs in DNS is different.

  • GonFreecs said:

    We're talking about Sophos XG to implement safe search. For it to be implemented well you must enable HTTPS scanning; adding CNAMEs in DNS is different.

     

     
    Hi GonFreecs,
     
    I work for Sophos, with the XG, and I am well aware of what we support. We support Bing and Google with no HTTPS scanning. Internally we are using the CNAME override to do this, but the user won't know this.
     
    Yahoo SafeSearch requires HTTPS scanning.  The Bing and Google Enforce Additional Image Filters require HTTPS scanning.
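
The DNS CNAME method mentioned in this thread can be verified from a client's resolver answers; the following is an added example, not part of the original thread or Sophos code. It assumes the vendors' publicly documented SafeSearch targets (`forcesafesearch.google.com`, `strict.bing.com`), which the thread does not name, and runs on constructed `dig +noall +answer` style output using documentation-range IPs.

```python
# Assumption: SafeSearch CNAME targets documented by Google and Bing (not named in the thread).
SAFE_CNAMES = {
    "www.google.com": "forcesafesearch.google.com",
    "www.bing.com": "strict.bing.com",
}

# Constructed sample: Google is overridden via CNAME, Bing still resolves directly.
SAMPLE_ANSWERS = """
; constructed resolver output for illustration
www.google.com.             300 IN CNAME forcesafesearch.google.com.
forcesafesearch.google.com. 300 IN A     192.0.2.10
www.bing.com.               300 IN A     198.51.100.20
"""

def parse_answers(text):
    """Parse 'name ttl class type rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blanks, comments and malformed lines
        name, rtype, rdata = fields[0], fields[3], fields[4]
        records.append((name.rstrip(".").lower(), rtype.upper(), rdata.rstrip(".").lower()))
    return records

def cname_chain(records, host):
    """Follow CNAME records starting at host; stop on a loop or a non-CNAME name."""
    cnames = {name: rdata for name, rtype, rdata in records if rtype == "CNAME"}
    chain = [host]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:
        chain.append(cnames[chain[-1]])
    return chain

def check_enforcement(dig_output):
    """Return {host: True/False}: True only if the host is aliased to its
    SafeSearch target and the end of the chain has an address record."""
    records = parse_answers(dig_output)
    result = {}
    for host, target in SAFE_CNAMES.items():
        chain = cname_chain(records, host)
        has_addr = any(n == chain[-1] and t in ("A", "AAAA") for n, t, _ in records)
        result[host] = target in chain[1:] and has_addr
    return result

if __name__ == "__main__":
    for host, ok in check_enforcement(SAMPLE_ANSWERS).items():
        print(f"{host}: {'SafeSearch CNAME in place' if ok else 'NOT enforced via DNS'}")
```

A host reported as not enforced via DNS may still be covered by another mechanism, such as the HTTPS scanning discussed in the thread.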
     
     