When you enable content inspection in the HTTPS proxy, the Firebox uses the default self-signed Proxy Authority CA certificate to re-encrypt the traffic. End users will receive a warning in their web browsers because this certificate is an untrusted self-signed certificate. To prevent these warnings, you can import this certificate (or your own certificate) on each client device.
For information on how to export the default Proxy Authority CA certificate from your device, see Export a Certificate from Your Firebox. For information on how to import this certificate on your client devices, see Import a Certificate on a Client Device.
If you cannot easily deploy the certificate with these methods, clients can connect to the Certificate Portal on your Firebox to download and install the certificate.
The Certificate Portal is available in Fireware v11.11.2 or higher.
When you enable HTTPS content inspection, the Firebox automatically creates a new policy to allow clients to connect to the Certificate Portal:
- Policy name — WatchGuard Certificate Portal
- Type — WG-Cert-Portal
- From — Any-Trusted and Any-Optional to Firebox
- Port — 4126
Connect to the Certificate Portal
To connect to the Certificate Portal and download the certificate, the client can open a web browser and go to http://<Firebox IP address>:4126/certportal.
To download and install the certificate:
- Click Download.
The certificate downloads to your computer.
- After you download the file, double-click the file and follow the instructions to install the certificate. You must specify the Trusted Root Certification Authorities as the location for the certificate during this process.
For more information about certificate installation, see Import a Certificate on a Client Device.
Customize the Certificate Portal
The Certificate Portal shares the customization features of the Authentication Portal. You can only customize the Certificate Portal page logo and the page colors. The title and text cannot be modified. For more information, see Customize the Authentication Portal Page.