Deploying NG Firewall HTTPS Inspector certificates with active directory

Using the HTTPS Inspector in Untangle NG Firewall is a great way to make sure all your internet traffic is protected. Deploying the HTTPS Inspector certificate to domain computers with active directory is really easy, and makes implementing the HTTPS Inspector a 10 minute task. So let’s get to it!

Log into Untangle NG Firewall and go into the settings of the HTTPS inspector.

Untangle Main Interface Screen

Download the HTTPS certificate and save it to your computer.

Untangle HTTPS Inspector

We are now ready to import the HTTPS Inspector certificate into Group Policy.

Open the Group Policy Management Console (gpmc.msc) on a management workstation or server.

Edit the GPO you wish to import the certificate into. In a production environment, I would recommend that you create a new GPO and apply it to the OU or OU’s that contain your computer accounts. In this demonstration, we will be importing the certificate into the Default Domain Policy GPO.¬†

Untangle HTTPS Inspector Active Directory

Navigate to Computer Configuration / Windows Settings/Security Settings / Public Key Policies / Trusted Root Certification Authorities. Right click Trusted Root Certificate Authorities and select Import.

Importing Untangle HTTPS Inspector into Untangle

Browse to the location of the saved certificate. The certificate is named root_authority.crt.

Load the certificate into the GPO

Make sure that the certificate is being imported into the Trusted Root Certificate Authorities store.

Import Untangle HTTPS inspector certificate into active directory

Complete the wizard and you’re all done. To test your configuration, refresh group policy using gpupdate on a computer in the OU that the policy is applied to.

Now, log back into Untangle NG Firewall and turn the HTTPS Inspector on by pressing the power button in the rack.

Untangle HTTPS inspector turned on

Browse to an SSL protected website. You should not be presented with any certificate warnings. Checking the certificate should show Untangle NG Firewall as being the certificate issuer.

Untangle HTTPS Inspector certificate loaded