This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Extended Validation (EV) certificates in Web protection

Hi everyone,

I have just setup HTTPS scanning en made sure the Proxy CA certificate is in the trusted root certificates, this does work, since I don't get any browser warnings no more on certificates.
However, certain sites (mostly online banking) aquire so-called EV-certficiates that also display a green address bar. When visiting these websites through the proxy there is no warning, but the address bar isn't green anymore.

Am I overlooking something or is this just not possible using the HTTPS proxy?

Edit: we are on 9.006 currently.

This thread was automatically locked due to age.

0 scorpionking over 12 years ago

This is correct behavior. The UTM has to decrypt HTTPS traffic to check it. Afterwards the traffic is reencrypted with the UTM cert.
As this is not an EV cert, the status bar will not turn green.

If you want this, you will have to buy an EV cert for your UTM, but then every HTTPS site will get a green status bar...

If you need those few sites to have a green SSL bar, create an exception excluding them from SSL scanning.
Cancel
Vote Up 0 Vote Down

Cancel
0 mod2402 over 12 years ago

You can use Exeptions for these Sites. When the UTM Scans these sites they generates on the fly certificates for the Client. The UTM is the man in the middle and can't tranfer the original cert.
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 12 years ago

Thanks for your answer. I guess this is where my end-users will have to live with then....
Cancel
Vote Up 0 Vote Down

Cancel