Deploying NG Firewall HTTPS Inspector certificates with active directory
Using the HTTPS Inspector in Untangle NG Firewall is a great way to make sure all your internet traffic is protected. Deploying the HTTPS Inspector certificate to domain computers with active directory is really easy, and makes implementing the HTTPS Inspector a 10 minute task. So let’s get to it!
Log into Untangle NG Firewall and go into the settings of the HTTPS inspector.
Download the HTTPS certificate and save it to your computer.
We are now ready to import the HTTPS Inspector certificate into Group Policy.
Open the Group Policy Management Console (gpmc.msc) on a management workstation or server.
Edit the GPO you wish to import the certificate into. In a production environment, I would recommend that you create a new GPO and apply it to the OU or OU’s that contain your computer accounts. In this demonstration, we will be importing the certificate into the Default Domain Policy GPO.
Navigate to Computer Configuration / Windows Settings/Security Settings / Public Key Policies / Trusted Root Certification Authorities. Right click Trusted Root Certificate Authorities and select Import.
Browse to the location of the saved certificate. The certificate is named root_authority.crt.
Make sure that the certificate is being imported into the Trusted Root Certificate Authorities store.
Complete the wizard and you’re all done. To test your configuration, refresh group policy using gpupdate on a computer in the OU that the policy is applied to.
Now, log back into Untangle NG Firewall and turn the HTTPS Inspector on by pressing the power button in the rack.
Browse to an SSL protected website. You should not be presented with any certificate warnings. Checking the certificate should show Untangle NG Firewall as being the certificate issuer.