Release of SWA v4.3.6 - Safesearch for Bing over HTTPS

It's time for another small update for the Web Appliance. Version 4.3.6 will be going out to customers over the next couple of weeks.

This version addresses a number of bugs that have been reported by customers. See the release notes for details.

It also extends the Safe Search enforcement feature of the Web Appliance by adding the ability to enforce safe search for Bing, even when HTTPS decryption is not enabled. This is done by using the DNS substitution method described by Microsoft here, where the SWA will transparently translate all connections to bing.com to use strict.bing.com. A similar method has been used for Google searches for some time now.

This is probably also a good time to remind customers that the default HTTPS signing CA included at install time in the Web Appliance will expire on May 20, 2018. As mentioned in this earlier blog post, we recommend that you take steps to roll out the new CA to all endpoint devices that currently trust the old CA, and manually make the switch before May 19 if you're ready. 

On May 19, your Appliance will automatically start using the new CA for HTTPS decryption and other purposes. This will cause users to see warnings in their browser about an unrecognized certificate - but not changing the certificate would cause errors relating to the certificate's expired validity.

Note that this will also impact the certificate used to authenticate connections to the Appliance's administrative UI. The Appliance will automatically generate a new certificate for the UI, signed by the new CA.