Z-Scaler certificate error messages on iPad

No replies
ddunlap@mcnc.org
Offline
Joined: Feb 23 2011

When visiting SSL (https) sites with Z-Scaler content-filtering, users may see certificate error messages such as "Get me out of here", "There is a problem with this website's certificate", or with Safari on the iPad, "Cannot Verify Server Identity - Would you like to continue anyway?".

This is because the user device does not have Z-Scaler trusted root certificates in its store. If the 2 zipped Z-Scaler trusted root certificates are downloaded from the Z-Scaler UI (Administration > Internet gateways & SSL > SSL area, 'List' hyperlink) and installed on the user devices, the messages can be avoided.

After installing the certificates on an iPad (this can be done through an MDM application,
IPCU on a PC, email, or placing them on a webserver for users to pick up), the users will still
see the certificate error messages unless "Use SSL Scanning Root CA Certificate Based on SHA1 Algorithm" is checked in that same area of the Z-Scaler UI (Edit, change, Save, Activate). If scanning is based on SHA1 (Secure Hash Algorithm), the iPad error messages can be avoided.

0
Your rating: None