Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Aug 2019
    Posts
    1

    Default SSL Inspector using Active Directory CA Certificate

    Hi all,

    Currently doing squid with a CA certificate from my internal Microsoft CA so that all the ssl interception certificates are generated by the AD trusted cert. Looking at untangle, it doesn't seem that you can upload a CA cert for the package to use to generate intercepted certs. Is that possible? command line maybe?

    Thanks

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,384

    Default

    Not currently possible.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,025

    Default

    Oh, it's most certainly possible, but it's not terribly easy as you have to export the certificate correctly, then translate it to a .pem correctly.. THEN you can import it into Untangle.

    But honestly, it's far easier to just export the CA certificate Untangle generates for you, and then use a GPO to publish that certificate to domain members. That process is just as transparent, is far less error prone, and much easier to support over time.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,727

    Default

    Quote Originally Posted by sky-knight View Post
    export the CA certificate Untangle generates for you, and then use a GPO to publish that certificate to domain members.
    ^^^ This

    Not that I'm doing it. We have a mixed environment, with lots of user-owned equipment. I did look at SSL Inspection for just our domain machines, but with the mixed environment, certificate pinning, CAA records, etc, it just hasn't been worth the trouble. But if I did want to use SSL Inspector, I'd export Untangle's cert and push via group policy.
    Last edited by jcoehoorn; 08-21-2019 at 11:55 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.2.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2