Downloading and Installing the Symantec Web Security.cloud Root CA on users' browsers
When you activate HTTPS Inspection, SSL-encrypted web traffic is routed through the Web Security infrastructure. Before you turn on HTTPS Inspection for your Web Security service, you must do the following:
- Download the Symantec Web Security.cloud Root CA from the portal.
- Install the certificate on all of the web browsers that are connected to the Web Security service.Take this step to ensure that the Symantec Web Security.cloud Root CA is authenticated by your users' browsers. If you do not install the certificate on each browser, users receive a certificate error when they access a website using HTTPS.
For browsers that use the local certificate store, you can use an Active Directory Group Policy to install the certificate. You can also install the certificate manually on each user's browser. For Mozilla Firefox browsers, you must install the certificate manually into the browser certificate store.
Adding the Symantec.cloud root certificate to the local certificate store using Group Policy
Internet Explorer and Google Chrome are examples of web browsers that use the local certificate store. The following procedure describes how to use an Active Directory Group Policy to add the Symantec.cloud root certificate to the local certificate store of each user in the group.
- To add the Symantec.cloud root certificate to the certificate store using Group Policy
- In the portal, clickTools>Downloads>Symantec Web Security.cloud Root CA. ClickDownloadand save the certificate to a suitable location.
- In Active Directory, edit the appropriate group policy. For example,Default domain policy.
- Navigate toComputer Configuration>Policies>Windows Settings>Security Settings>Public Key Policies>Trusted Root Certification Authorities.
- Right-clickTrusted Root Certification Authoritiesand chooseImport.
- Browse to the Symantec.cloud root certificate that you downloaded, select it, and clickNext.
- Confirm that the certificate is placed in the correct certificate store, and then clickNext.
- ClickFinishto import the certificate into the Group Policy.The Group Policy setting takes effect after the affected computers are restarted.
- Manually adding the Symantec.cloud root certificate to the local certificate storeInternet Explorer and Google Chrome are examples of web browsers that use the local certificate store on each users' computer. The following procedure describes how to manually add the Symantec.cloud root certificate to a user's computer.To manually add the Symantec.cloud root certificate to the local certificate store
- In the portal, clickTools>Downloads>Symantec Web Security.cloud Root CA. ClickDownloadand save the certificate to a suitable location.
- RunMMC.exe.
- ChooseFile>Add/Remove snap-in.
- SelectCertificatesand clickAdd.
- ChooseComputer Accountand clickNext.
- SelectLocal computerand clickFinish.
- ClickOKto add the Certificates snap-in to MMC.
- ExpandTrusted Root Certification Authorities, right-clickCertificates, and chooseImport.
- At the welcome page, clickNext.
- Browse to locate the certificate file, select the file name, and clickNext.
- Ensure that the certificate is placed in theTrusted Root Certification Authoritiesstore, and clickNext.
- ClickFinishto import the certificate.
- In the portal, clickTools>Downloads>Symantec Web Security.cloud Root CA. ClickDownloadand save the certificate to a suitable location.
- Open Mozilla Firefox.
- SelectTools>Options.
- On the left navigation bar, clickAdvancedand then clickCertificates.
- ClickView Certificates.
- On theAuthoritiestab, clickImport, browse to the certificate file and clickOpen.
- Check theTrust this CA to identify websitescheck box and clickOK.
- ClickOKto close the Certificate Manager window.