Importing SWG Certificate on Mac OSX Safari Browser


This article applies to:

  • Mac OSX 10.7.4 and Safari 5.1.7
  • SWG 10.x

Symptoms:

  • When browsing to a secure website via SWG on a Mac OSX Safari browser, it may present a warning that it can't verify the identity of the website and that the certificate for the website is invalid.


Causes:

  • This is because with SWG’s HTTPS Scanning module turned on, it will use it’s own SSL certificate to decrypt and encrypt SSL traffic for scanning. So the client will need to import and trust SWG’s certificate in its certificate store.

Resolution:

Logon to your SWG All-In-One or Policy Server web administration GUI and export the Scanning Server HTTPS certificate as shown in the screenshot below. The exported file will have a .crt extension and will need to be copied to and deployed on all Mac OSX clients.


On the Mac client, open the .crt file in Finder:

The Keychain Access app will start and prompt you to authenticate. Enter the administrator username and password.


 

The Keychain Access app will next prompt you if you want to trust the certificate. Ensure that the System Keychain is selected on the left pane and select Always Trust. (Note the SWG certificate name will differ according to your installation, SWG83SelfSigned is just an example).




Next browse to a secure website with Safari and verify the SSL certificate details. In the example screenshot below, we browsed to https://www.google.com and the SSL cert from SWG is now trusted and valid in Safari.



Last Modified 6/21/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle14653.aspx