URL access fails with SSL interceptions when the site uses HTTP Strict Transport Security (HSTS)

search cancel

URL access fails with SSL interceptions when the site uses HTTP Strict Transport Security (HSTS)

book

Article ID: 168564

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Access to URLs such as Gmail or Facebook fails with SSL interceptions if the site uses HTTP Strict Transport Security (HSTS) and the web browser does not trust the ProxySG appliance certificate.

Cause

Without HSTS, when a user access a HTTPS URL and the certificate presented by the server (perhaps with server certificate issued by the appliance due to SSL interception) should be trusted by the browser, the browser presents an option to add the certificate as an exception. The user can then access the URL.

With HSTS, the browser must trust the certificate for the user to access the URL.

Resolution

To have the browser trust the appliance certificate, review the following KB articles.

Configure the SSL proxy on the ProxySG for transparent interception and authentication using an SSL certificate issued from a Microsoft PKI server
Add Edge SWG (Proxy SG) Certificate into Browser

Feedback

thumb_up Yes

thumb_down No