We get asked from time to time how to make the HTTPS Scanning CA available via the Captive Portal so users can install it themselves. I recently discovered that it's possible to do this using base64 encoding and a 'data:' URI. I thought some of you might find this useful. Here's how: Download a copy of your SSL CA file from the XG Firewall. If you're using the built-in CA, it will save as file 'SecurityAppliance_SSL_CA.pem' Next you need to encode the whole file using base64 and output it as a single line. On a Mac or a Linux system, you can do this by running $ base64 SecurityAppliance_SSL_CA.pem | tr -d '\n' Now, go to Authentication > Web authentication > Captive portal appearance. In the Login Page Footer HTML text box, paste the following: <a href='data:application/x-x509-ca-cert;base64, Now copy and paste the output of the command in step 2 above '>Download HTTPS certificate authority</a><p>By doing this, you consent to allowing your HTTPS web traffic to be decrypted and scanned for security purposes</p> Click 'Preview' to see what it looks like and check that the file downloads correctly when you click on the link. Click Apply to save

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Make your HTTPS CA available for download in the Captive Portal (and elsewhere)

We get asked from time to time how to make the HTTPS Scanning CA available via the Captive Portal so users can install it themselves. I recently discovered that it's possible to do this using base64 encoding and a 'data:' URI. I thought some of you might find this useful. Here's how:

Download a copy of your SSL CA file from the XG Firewall. If you're using the built-in CA, it will save as file 'SecurityAppliance_SSL_CA.pem'
Next you need to encode the whole file using base64 and output it as a single line. On a Mac or a Linux system, you can do this by running
$ base64 SecurityAppliance_SSL_CA.pem | tr -d '\n'
Now, go to Authentication > Web authentication > Captive portal appearance. In the Login Page Footer HTML text box, paste the following:
1. <a href='data:application/x-x509-ca-cert;base64,
2. Now copy and paste the output of the command in step 2 above
3. '>Download HTTPS certificate authority</a><p>By doing this, you consent to allowing your HTTPS web traffic to be decrypted and scanned for security purposes</p>
Click 'Preview' to see what it looks like and check that the file downloads correctly when you click on the link.
Click Apply to save

This thread was automatically locked due to age.

0 Keyur over 5 years ago

Hi RichBaldry

Thank you for such valuable information, It would be really helpful for fellow community members.

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 5 years ago

Although it is a good workaround, can be have built-in in the user-portal after the user has logged-in into next MR?

This should not require a lot of time for you (apart regression testing).

Regards
Cancel
Vote Up 0 Vote Down

Cancel