
web proxy certificate

Hi,

We have an SG 310 and are using it in Transparent mode with NO authentication. Today when browsing a page I get a message that the certificate is not trusted. I did check the properties of the certificate and can see this

I have no idea who stats.g.doubleclick.net is!

We don't want to install this cert on the clients because it was not needed in the past 4 years that we have been using this UTM!

Any suggestion?



  • Hello. I assume you're not using decrypt & scan? The webpage they're getting the certificate warning on (stats.g.doubleclick.net by the looks of it)... what does it show in the web filtering logs for this URL? Likely you are seeing the untrusted certificate page because the UTM is trying to display a web filtering block page to the end user. The web filtering block page is HTTPS and uses the certificate installed (or the default certificate) for web filtering.

    Tim

  • Hi Tim,

    Thank you for your reply and sorry for the late reply.

    You are right, we are not using decrypt and scan.

    I did check the web filtering logs and see this:

    2019:01:21-16:15:48 securitysrv1-1 httpproxy[32097]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="CONNECT" srcip="10.0.10.240" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdbca6a00" url="https://stats.g.doubleclick.net/" referer="" error="" authtime="0" dnstime="0" cattime="84" avscantime="0" fullreqtime="228338" device="0" auth="0" ua="" exceptions="" reason="category" category="154" reputation="neutral" categoryname="Web Ads"

     

    What I don't understand is who stats.g.doubleclick.net is. We don't even try to open that URL, so why would the UTM block this URL?

    Thanks

  • "stats.g.doubleclick.net is one of DoubleClick subdomains used for loading tracking pixels or as an alternative for loading Google Analytics, collecting statistics and data that Google uses to analyze and display advertisements."

    It would appear this URL is used for advertisement or marketing purposes. Many websites use this URL; it gets accessed in the background automatically. This is the reason why you're getting the invalid certificate. The UTM is trying to display the block page showing this URL as being blocked, and your browser doesn't trust the UTM's self-signed certificate when it attempts to present it in order to present the block page.

    You can either deploy the certificate to endpoints, create an exception to allow this URL, or continue to block it as is; it's up to you how you want to proceed.

    Tim

  • Hi Tim,

    Thanks for your reply.

    We have an application that, when opened, displays a website as its start page. The website that is displayed is owned by the customer that uses the application, so we trust that website.

    If I understood you correctly, my browser doesn't show me the default warning page of the Sophos because I don't have the UTM cert on my PC, am I right?

    What I don't understand is why we are suddenly getting this warning?

    Thanks

    Update,

    This time I get the same warning, but this time for this URL:

    googleads.g.doubleclick.net

  • You are correct. Your browser is giving you the untrusted certificate warning because you do not have the root CA installed on your PC. I really can't tell you why a user wouldn't be getting the warning page; you would have to look at your web filtering logs to first determine if there's any reason why they should be getting the warning. If you're on a domain, I would recommend that you simply push the CA certificate out via a GPO; this will solve your issue.

    Tim
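
The log check suggested in this thread can be scripted. The following is an added example (not part of the thread and not Sophos code) that parses httpproxy lines in the format quoted above and counts the HTTPS (CONNECT) requests the proxy warned on or blocked, which are the hosts for which a browser is shown the UTM's own certificate. Only the first sample line comes from the thread (fields trimmed); the others are constructed, and the `block` action value is an assumption since the thread only shows `warn`.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

KV = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs after the syslog prefix

# First line: the entry quoted in the thread, fields trimmed. Rest: constructed samples.
SAMPLE_LOG = """\
2019:01:21-16:15:48 securitysrv1-1 httpproxy[32097]: id="0071" name="web request warned, forbidden category detected" action="warn" method="CONNECT" srcip="10.0.10.240" statuscode="403" url="https://stats.g.doubleclick.net/" reason="category" category="154" categoryname="Web Ads"
2019:01:21-16:15:52 securitysrv1-1 httpproxy[32097]: action="warn" method="CONNECT" srcip="10.0.10.240" statuscode="403" url="https://googleads.g.doubleclick.net/" reason="category" categoryname="Web Ads"
2019:01:21-16:16:05 securitysrv1-1 httpproxy[32097]: action="warn" method="CONNECT" srcip="10.0.10.240" statuscode="403" url="https://stats.g.doubleclick.net/" reason="category" categoryname="Web Ads"
2019:01:21-16:16:09 securitysrv1-1 httpproxy[32097]: action="pass" method="CONNECT" srcip="10.0.10.240" statuscode="200" url="https://www.example.com/" categoryname="Business"
2019:01:21-16:16:11 securitysrv1-1 httpproxy[32097]: action="warn" method="GET" srcip="10.0.10.240" statuscode="403" url="http://ads.example.net/banner.js" reason="category" categoryname="Web Ads"
"""


def parse_line(line):
    """Return the key="value" fields of one httpproxy line, or None for other lines."""
    head, sep, body = line.partition(": ")
    if not sep or "httpproxy[" not in head:
        return None
    fields = dict(KV.findall(body))
    fields["timestamp"] = head.split(" ", 1)[0]
    return fields


def https_block_page_hits(lines, actions=("warn", "block")):
    """Count CONNECT requests the proxy answered itself, per (client, host, category).

    For these requests the proxy serves its own warn/block page over HTTPS, so the
    browser sees the UTM certificate instead of the site's. "block" is an assumed value.
    """
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if not f or f.get("method") != "CONNECT" or f.get("action") not in actions:
            continue
        url = f.get("url", "")
        host = urlsplit(url).hostname or url
        hits[(f.get("srcip", ""), host, f.get("categoryname", ""))] += 1
    return hits


if __name__ == "__main__":
    for (src, host, cat), n in https_block_page_hits(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  {src:15s} {host:32s} {cat}")
```

Hosts that appear here without anyone browsing to them directly are typically third-party resources loaded by another page, which matches the explanation given in the thread.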