Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Aug 20 13 7:51 pm
I can't find documentation on HTTPS inspection. What does it do actually?
Is it available in Professional?
Thanks.
Aug 21 13 1:39 am
Hi
HTTPS inspection is an enterprise feature.
There is a help page on it in the manual, under the WWW proxy (or hit the F1 key when you're on the SSL inspection tab in the WWW proxy). Basically it allows WinGate to gain access to the unencrypted data when surfing https sites. It does this by spoofing certificates to use back on the connection to the client based on the cert the server is using. For this reason, you need to deploy the signing certificate to client computer certificate stores to avoid browser certificate warnings - this is a standard requirement for any https inspection system.
Regards
Adrien de Croy
Jul 17 14 5:30 am
Hi Adrien,
Does this allow filtering https sites such as
https://www.facebook.com ?
Thank you.
Jul 17 14 10:58 am
Hi
yes, it means for sites like facebook, google etc that use https, you can scan, filter and cache etc.
Regards
Adrien
Jul 18 14 2:28 am
I tried to activate this feature but the "signer certificate" dropdown list is empty. Can you explain a little further on how to proceed in the case of Facebook ? How do I add the signer certificate ?
Thank you
Jul 18 14 4:34 am
HI
you need to generate or import a signer certificate. That is used for 2 things:
1. to sign certificates that are generated on-the-fly by WinGate when the user goes to an https site. These are the "spoofed" certificates that fool the client browser into accepting the certificate.
2. to deploy to client computers trusted root store
This is all to avoid certificate warnings, since in order to get in the middle of the https connection, WinGate needs to use its own certificate to talk to the client.
Regards
Adrien
Jul 23 14 7:01 am
The Docs have not guidance on how to create or what type of cert you need. (if there is, I could find it)
What type of Cert is needed for this Computer cert or Web cert or ????
Once the Cert is created, does it need to be installed anywhere other that the cert store?
Are their any step-by-step guide for this using Windows 2012 AD Certificate services?
Jul 23 14 4:17 pm
HI
there are a couple of requirements.
It needs the attribute set to enable it to be used for signing other certificates.
If you generate a cert in WinGate itself, it generates the correct attributes, you could look at those as a reference.
Need also basic constraints Extension with CA:true
Adrien
Jul 23 14 4:30 pm
But how do you create the cert in Wingate? There is no option on the config page to create a cert....
Jul 23 14 5:30 pm
in the tasks panel when you're in the certificates pane, click "Add Certificate".
Regards
Adrien
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.