Slow loading of HTTPS sites or browser claiming valid certificates are invalid

Article #: 1725
Product: Guardian
Castle: All

Summary

Issues with speed or validation of HTTPS site certificates can be caused by the certificate authority lists being blocked from updating. This article explains how to whitelist them.

Problem

Users experience frequent issues with HTTPS sites, such as slow loading or the browser claiming that valid certificates are invalid.

Solution

Browsers use publicly available certificate authority lists to validate HTTPS certificates from various parties. These certificate authority lists are updated regularly and browsers will automatically update their certificate stores if they have access to the CRL/SSL sites.

To make sure all browsers can reach those lists and update their certificate stores, ensure the following rules are in place in your Guardian configuration:

  1. Go to Web proxy > Authentication > Exceptions.
  2. Add the SSL / CRL category to the authentication exceptions — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/authexceptions.htm
  3. Click Save.
  4. Go to Guardian > Web filter > Policy Wizard.
  5. Create a new policy that has the following:
    • Step 1: Who = Everyone
    • Step 2: What = SSL / CRL
    • Step 3: Where = Everywhere
    • Step 4: When = Always
    • Step 5: Action = Whitelist
  6. Confirm and Save this new policy — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/filteringpolicywiz.htm.
  7. Move the policy above any block rules — https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/policies.htm.

This will enable the certificate revocation check to work correctly for all applications.
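
To confirm the change from a client behind the proxy, the following added example (not part of the original article and not Smoothwall tooling) requests CRL URLs through the proxy without credentials and maps each result to the steps above that would fix it. The proxy address, the sample URL, and the reading of a 403 or an HTML body as a filter block are assumptions.

```python
import urllib.error
import urllib.request

# Hint per verdict, tied to the numbered steps in this article.
HINTS = {
    "ok": "CRL reachable without authentication",
    "auth-exception-missing": "add SSL / CRL to the authentication exceptions (steps 1-3)",
    "blocked-by-policy": "whitelist SSL / CRL, move the policy above block rules (steps 4-7)",
    "unreachable": "no answer; timeouts here match the slow-loading symptom",
    "unexpected": "inspect this response manually",
}

def fetch(url, proxy, timeout=10):
    """Request url via proxy with no credentials; return (status, content_type)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", "")
    except urllib.error.HTTPError as err:      # 4xx/5xx still carry a status
        return err.code, err.headers.get("Content-Type", "")
    except (urllib.error.URLError, OSError):   # refused, timed out, DNS failure
        return None, ""

def diagnose(status, content_type):
    """Map one response to a verdict key in HINTS."""
    if status is None:
        return "unreachable"
    if status == 407:                          # Proxy Authentication Required
        return "auth-exception-missing"
    if status == 403:                          # assumption: filter answers blocks with 403
        return "blocked-by-policy"
    if 200 <= status < 300:
        # A CRL is never HTML; an HTML body is assumed to be a block page.
        html = content_type.lower().startswith("text/html")
        return "blocked-by-policy" if html else "ok"
    return "unexpected"

def check_all(urls, proxy, fetcher=fetch):
    """Return {url: verdict} for every CRL URL."""
    return {url: diagnose(*fetcher(url, proxy)) for url in urls}

if __name__ == "__main__":
    # Constructed placeholders: use your proxy address and the CRL URLs listed
    # in the certificates of the sites that fail.
    proxy = "http://proxy.example.test:8080"
    urls = ["http://crl.example.test/root.crl"]
    for url, verdict in check_all(urls, proxy).items():
        print(f"{url}: {verdict} - {HINTS[verdict]}")
```

Run it from a machine that normally has to authenticate to the proxy, so that a missing authentication exception shows up as a 407 rather than being masked by cached credentials.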

Attribution:

Last updated: 23 August 2016
Author: DMT
Contributions by: SK