Importing SWG Certificate for SSL Scanning on Mac OSX Firefox Browser


This article applies to:

  • Mac OSX 10.7.4 and Firefox 13.0
  • SWG 10.x

Symptoms:

  • When browsing to a secure website via SWG on a Mac OSX Firefox browser, it may present a warning that the connection is untrusted:

Causes:

  • This is because with SWG’s HTTPS Scanning module turned in on, it will use its own SSL certificate to decrypt and encrypt SSL traffic for scanning. So the Firefox will need to import and trust SWG’s certificate in its own certificate store.

Resolution:

Logon to your SWG All-In-One or Policy Server web administration GUI and export the Scanning Server HTTPS certificate as shown in the screenshot below. The exported file will have a .crt extension and will need to be copied to the Mac OSX client.



Firefox uses its own separate certificate store and we will need to import the SWG certificate into it. Launch Firefox and go to Preferences and Advanced. Click on View Certificates.

 

In the Certificate Manager, click on Authorities and then on Import.


 

Select the .crt file exported from SWG.

Next you will be prompted on how to trust the certificate. Select “Trust this CA to identify websites” and then click on Ok.

Verify in Firefox Certificate Manager’s Authorities that the SWG certificate has been imported successfully (in this example it is calledSWG83SelfSigned, the name will differ according to your installation.)


Last Modified 6/21/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle14654.aspx