How do I resolve certificate errors on secure (HTTPS) websites?

Article #: Product Castle
# Guardian Edinburgh onwards


This article explains what to do in the event of seeing certificate errors when browsing to secure (HTTPS) websites.


After enabling HTTPS Decrypt and Inspect, you get certificate warning messages and errors, which in some cases stop you from accessing the site entirely.

This is because your browser doesn’t have the Man-in-the-Middle certificate issued by the Smoothwall in it's certificate store.


To create a new root certificate:

  1. Go to System > Certificates > Certificates for services.
  2. From the Certificates section heading, click New root CA. The Add new root Certificate Authority dialog box is displayed.
  3. In the Name field, give the certificate a user-friendly name.
  4. The Common name field should be set to the Smoothwall’s fully qualified domain name (this can be found by going to System > Preferences > Hostname).
  5. Click Save changes.

To change the default certificate authority:

  1. Go to System > Certificates > Certificates for services.
  2. Hover over the newly created CA, and click Set default CA.
  3. Ensure that all services are using the newly created Root CA:
  4. If any of the services are still using another CA, please click on the links under the Used by column.

  5. Select the root CA to be used for Guardian HTTPS inspection:
    1. Click on the Guardian HTTPS inspection link or go to Guardian > HTTPS inspection > Settings
    2. In the Manage HTTPS interception certificates section, from the Certificate Authority drop-down list select the new root CA
  6. To export the certificate from the Smoothwall and import it to your browser:
    1. Go to http://<IPAddress_or_Hostname>/getmitm/
    2. Click the Download Certificate button
    3. Select your browser/operating system to import the certificate
  7. To distribute the certificate through Group Policy Object, please follow the instruction from Microsoft below:


Last updated: Author: Contributions by:
13 June 2017 Patrik Farsang