Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 19085 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable certificate authority web proxy

Tich Matongo

I am running the XG firewall as a direct proxy in gateway mode and it is working correctly for HTTP traffic.  The rule I created for the web proxy does not have any web filtering and the Decrypt and Scan HTTPS option is disabled. However, it gives me an error "Your connection is not private " when I try to open HTTPS sites in Google Chrome.  It has the NET::ERR_CERT_AUTHORITY_INVALID message and clicking the advanced button shows that the website is using HSTS and there's no way around that.  If I don't want to import the certificate authority into my browser is it possible to disable the certificate authority?  



This thread was automatically locked due to age.
Parents
  • +1

    Tich,

    try to disable the micro-app scanning from console:

    system application_classification microapp-discovery off

    and clear the browser's cache.

    If it does not work, restart Tomcat service from XG advanced shell:

    service tomcat:restart -dsnosync

    Regards

  • 0 in reply to lferrara

    I just installed XG and once I had the basic configurations done I was online but more than half the websites I got to regularly were being blocked like the OP (your connection is not private.  NET::ERR_CERT_AUTHORITY_INVALID in chrome and a similar error in IE).  I've tried a number of "fixes" but none worked until I read this post.  I had found a number of posts about either disabling the microapp discovery but just doing that did not work.  The missing piece was to restart the tomcat service.

    Would it be possible to have this be a bit more clear in the UI?  anyways thank you this really helped me, as XG was not usable in that state.

Reply
  • 0 in reply to lferrara

    I just installed XG and once I had the basic configurations done I was online but more than half the websites I got to regularly were being blocked like the OP (your connection is not private.  NET::ERR_CERT_AUTHORITY_INVALID in chrome and a similar error in IE).  I've tried a number of "fixes" but none worked until I read this post.  I had found a number of posts about either disabling the microapp discovery but just doing that did not work.  The missing piece was to restart the tomcat service.

    Would it be possible to have this be a bit more clear in the UI?  anyways thank you this really helped me, as XG was not usable in that state.

Children
No Data