Certificate Errors when presented with the SSL Login Page

Article #:

Product

Castle

#KB-166

All

All Releases

Summary

This article will detail how to resolve the issue of certificate errors on the SSL login page.

Problem

Users using a proxy with an authentication method set to “SSL Login Page” are seeing certificate warnings that they must bypass before they can log in.

Solution

The issue is a result of the end device not trusting the certificate the Smoothwall presents for the login page. There are several options to resolve this:

 Purchase a real-world wildcard certificate for use on the login page. This carries a small annual cost, but the certificate will be trusted automatically by end devices because it is issued by a real-world Certificate Authority, so no changes to end devices are required.
 Deploy the Smoothwall’s default certificate on your end devices as a trusted root certificate authority. This configures the devices to trust the certificate and therefore removes the error. However, this can be more difficult on non-centrally managed networks, such as BYOD, because it relies on the end user to deploy the certificate. You can use the certificate deployment page (accessed by browsing to http://<ip_address_of_smoothwall>/getmitm) to deploy to BYOD devices.
 Change the authentication method from SSL Login Page to Non-SSL Login Page. However, this means the credentials are not secured and could be susceptible to being stolen.

If a real-world certificate is to be used, it must be imported into the Smoothwall. Browse to System > Certificates > Certificates for Services and click Import. A window appears from which you can browse to your new certificate file: select Choose file on the dialogue box, navigate to the file you want, and click Import.

Once this is done, browse to System > Preferences > User Interface, and from the User-facing HTTPS services drop-down list at the bottom of the page, choose the newly uploaded certificate. Click Save.

Finally, to clear the Smoothwall’s caches and ensure the correct certificate will be used for the SSL login page, reboot the device by navigating to System > Maintenance > Shutdown and clicking the Reboot button.
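
A trusted wildcard certificate still produces a browser warning if its names do not cover the hostname clients use for the SSL login page, so it is worth checking this before import. The following is an added example, not Smoothwall code; the SAN list and hostnames are constructed, and the function names are hypothetical.

```python
import ipaddress


def _is_ip(host):
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def san_matches(pattern, hostname):
    """Return True if one dNSName SAN entry covers hostname (RFC 6125 style)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if _is_ip(hostname):
        return False  # a DNS name entry never matches an IP literal
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" stands for exactly one label, never zero or several
    if p_labels[0] == "*":
        # Conservative simplification: require two labels after the wildcard,
        # so patterns such as "*.com" are rejected.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels  # a "*" anywhere else is compared literally


def check_login_host(sans, login_host):
    """Return (covered, reason) for the host clients use for the login page."""
    if _is_ip(login_host):
        return (False, "login page reached by IP address; a DNS wildcard cannot cover it")
    for san in sans:
        if san_matches(san, login_host):
            return (True, "covered by " + san)
    return (False, "no SAN entry covers " + login_host)


if __name__ == "__main__":
    # Constructed sample data: SANs of a purchased wildcard certificate and
    # candidate login page hostnames (192.0.2.10 is a documentation address).
    sans = ["*.example.org", "example.org"]
    for host in ["smoothwall.example.org", "login.filter.example.org", "192.0.2.10"]:
        print(host, check_login_host(sans, host))
```
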

 

Attribution:

Last updated: 10 August 2017

Author: Harley Greenwood

Contributions by: Patrik Farsang

 

 


Copyright © 2000-2018 Smoothwall All rights reserved.