Self-Signed Intranet Site Blocked With SSL Error Via SafeSquid-SWG ( Client Discussion #6 )
Posted: Mon Apr 27, 2020 4:32 am
Hello All,
Problems related SSL error has been faced by lot of customers and the problem in most of the cases are the client acceptance of the SSL Error.
I.e Client/Customers raise alot of questions for these kinds of block and are not willing to accept the answer.
Whenever their is an SSL Error Related Block, the clients just want to access the site without understanding the risk of such sites.
They actually assume the problem coming from SafeSquid-SWG whereas the Error are faced when their is Improper SSL CONFIGURATION on the Server Side.
SafeSquid does SSL Verification the way a browser does and displays block with error message the way the browser displays the only difference in this scenario is the treatment of the error when the error is displayed by the browser the user can add an exception and can then access the website seemlessly, but in case of SafeSquid the website is blocked with an Error message and the only way the user can access such website is by manually creating a policy to bypass such SSL Verification Error got respective sites etc.
When a Intranet site is ACCESSED, it is generally not Signed by a Trusted Root CA. Which results in SSL Validation Error and the SSL Error is displayed to the User with a Block.
In case of Direct Connection, Browser provide a Exception, and adding website to an exception will result in accessing that site.
But in Case of SafeSquid, user cannot do so as it is an SSL Breach.
Below is a Simple Example of a Intranet Site Block Due to SSL Error ( Reason being Self Signed ).
-----------
Query:
-----------
I am Getting an Error while try to access my Internal Site
Website Blocked By SafeSquid due to SSL Validation Failure:
Example site : https://testselfsignedcert.safesquid.local/
--- SafeSquid Block Self-Signed SSL Error ----
Solution:
---------------
In all the modern browsers this error can be bypassed by just adding an exception when you visit the website.
But in Safesquid the site will directly be blocked you cannot access it.
The Error Template will Displayed as shown above and you cannot access the website
The Error Template explains about the type of SSL Verification check that the particular website FAILED at.
The error that you see above tells that the certificate the site is using is a self-signed ssl certificate
Which can be created by anybody very easily
We do not allow users to access such kind of websites that are can compromise user’s data.
If this is an company approved website which is used by company for any kind of important use case and the company have setup an self signed ssl certificate for security measures
The above template will be seen when you access that site
In our case it is : https://testselfsignedcert.safesquid.local/
To Access the website You need to follow the below Steps properly
Step1: Categorize the website
-----------------------------------------------
As show below
--- Category Website ----
Problems related SSL error has been faced by lot of customers and the problem in most of the cases are the client acceptance of the SSL Error.
I.e Client/Customers raise alot of questions for these kinds of block and are not willing to accept the answer.
Whenever their is an SSL Error Related Block, the clients just want to access the site without understanding the risk of such sites.
They actually assume the problem coming from SafeSquid-SWG whereas the Error are faced when their is Improper SSL CONFIGURATION on the Server Side.
SafeSquid does SSL Verification the way a browser does and displays block with error message the way the browser displays the only difference in this scenario is the treatment of the error when the error is displayed by the browser the user can add an exception and can then access the website seemlessly, but in case of SafeSquid the website is blocked with an Error message and the only way the user can access such website is by manually creating a policy to bypass such SSL Verification Error got respective sites etc.
When a Intranet site is ACCESSED, it is generally not Signed by a Trusted Root CA. Which results in SSL Validation Error and the SSL Error is displayed to the User with a Block.
In case of Direct Connection, Browser provide a Exception, and adding website to an exception will result in accessing that site.
But in Case of SafeSquid, user cannot do so as it is an SSL Breach.
Below is a Simple Example of a Intranet Site Block Due to SSL Error ( Reason being Self Signed ).
-----------
Query:
-----------
I am Getting an Error while try to access my Internal Site
Website Blocked By SafeSquid due to SSL Validation Failure:
Example site : https://testselfsignedcert.safesquid.local/
--- SafeSquid Block Self-Signed SSL Error ----
Solution:
---------------
In all the modern browsers this error can be bypassed by just adding an exception when you visit the website.
But in Safesquid the site will directly be blocked you cannot access it.
The Error Template will Displayed as shown above and you cannot access the website
The Error Template explains about the type of SSL Verification check that the particular website FAILED at.
The error that you see above tells that the certificate the site is using is a self-signed ssl certificate
Which can be created by anybody very easily
We do not allow users to access such kind of websites that are can compromise user’s data.
If this is an company approved website which is used by company for any kind of important use case and the company have setup an self signed ssl certificate for security measures
The above template will be seen when you access that site
In our case it is : https://testselfsignedcert.safesquid.local/
To Access the website You need to follow the below Steps properly
Step1: Categorize the website
-----------------------------------------------
As show below
--- Category Website ----