To perform SSL inspection it is necessary for the client device to trust the root certificate authority in NG Firewall. This is done by downloading the root certificate authority and installing it as a trusted certificate onto the client system. The following instructions are for Microsoft Windows-based systems.
For other operating systems refer to the links below:
Note: For Firefox browsers you may need to take additional steps to ensure that the browser trusts certificates from the Windows Certificate store. See Setting Up Certificate Authorities (CAs) in Firefox.
Downloading the root certificate
From a client system, the easiest way to download the certificate is by opening a browser and going to http://your_server/cert.
Alternatively, you can download the root certificate from the GUI in Config > Administration > Certificates or Apps > SSL Inspector > Configuration.
Installing the root certificate
Once you have this downloaded, double-click on the .crt file and Windows will open the certificate.
- In the certificate window click on Install Certificate…
- This will bring up the Certificate Import Wizard. Select Local Machine, then click Next
- Allow the program to make changes to your machine.
- Select "Place all certificates in the following store", then click Browse… Select the "Trusted Root Certification Authorities" store, click OK, then click Next.
- You should then receive this notice: