Self-Signed Intranet Site Blocked With SSL Error Via SafeSquid-SWG ( Client Discussion #6 )

Tell everybody, what you think about SafeSquid!
Speak your mind!
India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Self-Signed Intranet Site Blocked With SSL Error Via SafeSquid-SWG ( Client Discussion #6 )

Post by aashish97 » Mon Apr 27, 2020 4:32 am

Hello All,

Problems related SSL error has been faced by lot of customers and the problem in most of the cases are the client acceptance of the SSL Error.
I.e Client/Customers raise alot of questions for these kinds of block and are not willing to accept the answer.

Whenever their is an SSL Error Related Block, the clients just want to access the site without understanding the risk of such sites.
They actually assume the problem coming from SafeSquid-SWG whereas the Error are faced when their is Improper SSL CONFIGURATION on the Server Side.

SafeSquid does SSL Verification the way a browser does and displays block with error message the way the browser displays the only difference in this scenario is the treatment of the error when the error is displayed by the browser the user can add an exception and can then access the website seemlessly, but in case of SafeSquid the website is blocked with an Error message and the only way the user can access such website is by manually creating a policy to bypass such SSL Verification Error got respective sites etc.

When a Intranet site is ACCESSED, it is generally not Signed by a Trusted Root CA. Which results in SSL Validation Error and the SSL Error is displayed to the User with a Block.

In case of Direct Connection, Browser provide a Exception, and adding website to an exception will result in accessing that site.
But in Case of SafeSquid, user cannot do so as it is an SSL Breach.

Below is a Simple Example of a Intranet Site Block Due to SSL Error ( Reason being Self Signed ).

-----------
Query:
-----------
I am Getting an Error while try to access my Internal Site

Website Blocked By SafeSquid due to SSL Validation Failure:

Example site : https://testselfsignedcert.safesquid.local/

--- SafeSquid Block Self-Signed SSL Error ----

SafeSquid-SSL-Block.png
SafeSquid-SSL-Block.png (33.68 KiB) Viewed 1937 times

Solution:
---------------

In all the modern browsers this error can be bypassed by just adding an exception when you visit the website.
But in Safesquid the site will directly be blocked you cannot access it.

The Error Template will Displayed as shown above and you cannot access the website
The Error Template explains about the type of SSL Verification check that the particular website FAILED at.
The error that you see above tells that the certificate the site is using is a self-signed ssl certificate
Which can be created by anybody very easily
We do not allow users to access such kind of websites that are can compromise user’s data.
If this is an company approved website which is used by company for any kind of important use case and the company have setup an self signed ssl certificate for security measures
The above template will be seen when you access that site
In our case it is : https://testselfsignedcert.safesquid.local/


To Access the website You need to follow the below Steps properly


Step1: Categorize the website
-----------------------------------------------

As show below


--- Category Website ----
Categorize-Website.png
Categorize-Website.png (95.27 KiB) Viewed 1937 times
Last edited by aashish97 on Wed Apr 29, 2020 8:56 am, edited 2 times in total.

India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Re: Self-Signed Intranet Site Blocked With SSL Error Via SafeSquid-SWG ( Client Discussion #6 )

Post by aashish97 » Mon Apr 27, 2020 4:33 am

Step2 : Create a Profile
-------------------------------------

As show below

--- Access Profile Edit ---

AccessProfile-Edit.png
AccessProfile-Edit.png (104.86 KiB) Viewed 1936 times

Save the policy and check once again if it is proper or not


--- Access Profile Save ----

AccessProfile-Save.png
AccessProfile-Save.png (15.01 KiB) Viewed 1936 times
Last edited by aashish97 on Mon Apr 27, 2020 4:39 am, edited 1 time in total.

India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Re: Self-Signed Intranet Site Blocked With SSL Error Via SafeSquid-SWG ( Client Discussion #6 )

Post by aashish97 » Mon Apr 27, 2020 4:33 am

Step 3: Bind this Profile in the HTTPS Section
As show below

------ Https Inspection Section Policy -----

HttpsInspection-Policy.png
HttpsInspection-Policy.png (24.82 KiB) Viewed 1936 times

NOTE: Check the Sequence as it is Very Important
The Policy which is created just now in HTTPS Section should be before the Default Policy as shown below

----- Https Inspection Policy Sequence ------

HttpsInpection-PolicyShow.png
HttpsInpection-PolicyShow.png (45.03 KiB) Viewed 1936 times

It is done
Refresh the sites Webpage
You will see the default page of your website as shown below

------ Refreshed Accessible Website ------

SSL-Bypass-ALLOWED.png
SSL-Bypass-ALLOWED.png (22.88 KiB) Viewed 1936 times

Post Reply