Downloading and Installing the Symantec Web Security.cloud Root CA on users' browsers

When you activate HTTPS Inspection, SSL-encrypted web traffic is routed through the Web Security infrastructure. Before you turn on HTTPS Inspection for your Web Security service, you must do the following:
  • Download the Symantec Web Security.cloud Root CA from the portal.
  • Install the certificate on all of the web browsers that are connected to the Web Security service.
    Take this step to ensure that the Symantec Web Security.cloud Root CA is authenticated by your users' browsers. If you do not install the certificate on each browser, users receive a certificate error when they access a website using HTTPS.
For browsers that use the local certificate store, you can use an Active Directory Group Policy to install the certificate. You can also install the certificate manually on each user's browser. For Mozilla Firefox browsers, you must install the certificate manually into the browser certificate store.
Adding the Symantec.cloud root certificate to the local certificate store using Group Policy
Internet Explorer and Google Chrome are examples of web browsers that use the local certificate store. The following procedure describes how to use an Active Directory Group Policy to add the Symantec.cloud root certificate to the local certificate store of each user in the group.
  1. To add the Symantec.cloud root certificate to the certificate store using Group Policy
  2. In the portal, click
    Tools
    >
    Downloads
    >
    Symantec Web Security.cloud Root CA
    . Click
    Download
    and save the certificate to a suitable location.
  3. In Active Directory, edit the appropriate group policy. For example,
    Default domain policy
    .
  4. Navigate to
    Computer Configuration
    >
    Policies
    >
    Windows Settings
    >
    Security Settings
    >
    Public Key Policies
    >
    Trusted Root Certification Authorities
    .
  5. Right-click
    Trusted Root Certification Authorities
    and choose
    Import
    .
  6. Browse to the Symantec.cloud root certificate that you downloaded, select it, and click
    Next
    .
  7. Confirm that the certificate is placed in the correct certificate store, and then click
    Next
    .
  8. Click
    Finish
    to import the certificate into the Group Policy.
    The Group Policy setting takes effect after the affected computers are restarted.
  9. Manually adding the Symantec.cloud root certificate to the local certificate store
    Internet Explorer and Google Chrome are examples of web browsers that use the local certificate store on each users' computer. The following procedure describes how to manually add the Symantec.cloud root certificate to a user's computer.
    To manually add the Symantec.cloud root certificate to the local certificate store
  10. In the portal, click
    Tools
    >
    Downloads
    >
    Symantec Web Security.cloud Root CA
    . Click
    Download
    and save the certificate to a suitable location.
  11. Run
    MMC.exe
    .
  12. Choose
    File
    >
    Add/Remove snap-in
    .
  13. Select
    Certificates
    and click
    Add
    .
  14. Choose
    Computer Account
    and click
    Next
    .
  15. Select
    Local computer
    and click
    Finish
    .
  16. Click
    OK
    to add the Certificates snap-in to MMC.
  17. Expand
    Trusted Root Certification Authorities
    , right-click
    Certificates
    , and choose
    Import
    .
  18. At the welcome page, click
    Next
    .
  19. Browse to locate the certificate file, select the file name, and click
    Next
    .
  20. Ensure that the certificate is placed in the
    Trusted Root Certification Authorities
    store, and click
    Next
    .
  21. Click
    Finish
    to import the certificate.
  22. In the portal, click
    Tools
    >
    Downloads
    >
    Symantec Web Security.cloud Root CA
    . Click
    Download
    and save the certificate to a suitable location.
  23. Open Mozilla Firefox.
  24. Select
    Tools
    >
    Options
    .
  25. On the left navigation bar, click
    Advanced
    and then click
    Certificates
    .
  26. Click
    View Certificates
    .
  27. On the
    Authorities
    tab, click
    Import
    , browse to the certificate file and click
    Open
    .
  28. Check the
    Trust this CA to identify websites
    check box and click
    OK
    .
  29. Click
    OK
    to close the Certificate Manager window.