Downloading the Certificate Authority

Once the HTTPS content has been decrypted, the original site certificate cannot be used by the browser to authenticate the connection, so the original certificate is replaced by one generated automatically on the appliance using a Sophos-generated certificate authority. This replaces the original certificate, which requires that you download and install the Sophos-generated certificate authority into your users’ browsers, which can be done as a centralized system administration operation using Active Directory Group Policy Objects.

To download the Sophos-generated certificate authority and distribute it to your users’ browsers:

  1. Click Download a copy of the certificate authority.

    If you are prompted for the purpose of the authority, select "to identify web sites".

  2. Save the authority.
  3. Distribute the authority to your users using a Group Policy Object in Active Directory.

    See the Installing the Sophos-Generated Certificate Authority in your Users’ Browsers Knowledgebase article for instructions on how to do this.