Slow loading of HTTPS sites or browser claiming valid certificates are invalid

Article #: 1725

Product: Guardian

Castle: All

Summary

Issues with speed or validation of HTTPS site certificates can be caused by the certificate authority lists being blocked from updating. This article explains how to whitelist them.

Problem

You are experiencing a lot of issues with HTTPS sites, such as slow loading or the browser claiming that valid certificates are invalid.

Solution

Browsers use publicly available certificate authority lists to validate HTTPS certificates from various parties. These certificate authority lists are updated regularly and browsers will automatically update their certificate stores if they have access to the CRL/SSL sites.

To make sure all browsers can reach those lists and update their certificate stores, ensure the following rule is in place in your Guardian configuration:

1. Go to Web proxy > Authentication > Exceptions.
2. Add the SSL / CRL category to the authentication exceptions — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/authexceptions.htm
3. Click Save.
4. Go to Guardian > Web filter > Policy Wizard.
5. Create a new policy that has the following:
   Step 1: Who = Everyone
   Step 2: What = SSL / CRL
   Step 3: Where = Everywhere
   Step 4: When = Always
   Step 5: Action = Whitelist
6. Confirm and Save this new policy — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/filteringpolicywiz.htm.
7. Move the policy above any block rules — https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/policies.htm.

This will enable the certificate revocation check to work correctly for all applications.
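To confirm the exception and policy take effect, the following added example (not Smoothwall code) lists the revocation endpoints a certificate names and fetches each one through the proxy. It assumes you have saved the output of `openssl x509 -noout -text` for an affected site's certificate; the sample text, the `example.test` hosts and the proxy address are constructed placeholders.

```python
import re
import urllib.error
import urllib.request

# Constructed excerpt of `openssl x509 -noout -text` output; hosts are placeholders.
SAMPLE_CERT_TEXT = """\
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example.test/intermediate.crl
            Authority Information Access:
                OCSP - URI:http://ocsp.example.test
                CA Issuers - URI:http://certs.example.test/intermediate.crt
            X509v3 Subject Alternative Name:
                DNS:www.example.test, URI:http://not-revocation.example.test
"""

def revocation_endpoints(cert_text):
    """Collect CRL, OCSP and CA Issuers URLs from openssl's text dump of a certificate."""
    found = {"crl": [], "ocsp": [], "ca_issuers": []}
    section = None
    for line in cert_text.splitlines():
        text = line.strip()
        if text.startswith("X509v3 CRL Distribution Points"):
            section = "crl"
        elif text.startswith("Authority Information Access"):
            section = "aia"
        elif text.startswith("X509v3 "):
            section = None  # any other extension ends the section of interest
        match = re.search(r"URI:(\S+)", text)
        if match and section == "crl":
            found["crl"].append(match.group(1))
        elif match and section == "aia" and text.startswith("OCSP"):
            found["ocsp"].append(match.group(1))
        elif match and section == "aia" and text.startswith("CA Issuers"):
            found["ca_issuers"].append(match.group(1))
    return found

def status_via_proxy(url, proxy, timeout=10):  # HTTP status via proxy, or None on failure
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 407 = the proxy still demands authentication for this URL
    except OSError:
        return None  # DNS failure, refused connection or timeout

if __name__ == "__main__":  # the proxy address below is a hypothetical placeholder
    for kind, urls in revocation_endpoints(SAMPLE_CERT_TEXT).items():
        print(kind, [(u, status_via_proxy(u, "http://proxy.example.test:8080")) for u in urls])
```

A CRL URL that returns 407 or `None` from an unauthenticated client points to the authentication exception or the whitelist policy not being applied to that host. A bare GET is not a valid OCSP request, so for OCSP URLs only 407 or `None` is meaningful.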

Attribution:

Last updated: 23 August 2016

Author: DMT

Contributions by: SK

Copyright © 2000-2016 Smoothwall All rights reserved.