To use SSL Intercept you need to have the SecureSchool CA Certificate installed on the clients. In this article, we will show you how to deploy the certificates with a Group Policy Object (GPO), with the Google Admin Console for Chromebooks, on FireFox Browser and on an Apple IOS device. For mobile devices, most MDMs provide a way to deploy certificates as well. Here is a Knowledge Base Article to get more information about our SSL Intercept for SecureSchool.
First, you need to download the SecureSchool CA Certificate for your School. In a web browser access the SecureSchool appliance web interface and modify the URL to add "/ssl" after the IP address or DNS name for your SecureSchool appliance (ex. http://192.168.1.1:81/ssl). Click on the link to download the SecureSchool CA Certificate (ss_cacert.pem.crt) and then you will need to install the certificate into your browser on the device you are using.
Important - Please check the certificate information. If anything is incorrect (does not have your information) or out of date, please call toll-free 877-225-0100, or email firstname.lastname@example.org for tech support.
Installing the CA Certificate using Microsoft Group Policy
1. To add certificates to the Trusted Root Certification Authorities store for a domain.
2. Click Start, point to Administrative Tools and then click Group Policy Management.
3. In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy Group Policy object (GPO) that you want to edit.
4. Right-click the Default Domain Policy GPO, and then click Edit.
5. In the Group Policy Management Console (GPMC), go to Computer Configuration, Policies, Windows Settings, Security Settings, and then click Public Key Policies.
6. Right-click the Trusted Root Certification Authorities store.
7. Click Import and follow the steps in the Certificate Import Wizard to import the certificates.
Installing the CA Certificate on a Chromebook using Google Admin Console
- Sign into your Google Admin console at https://admin.google.com
- Click Device management > Network > Certificates.
- In the dialog box, upload your ss_cacert.pem.crt file.
- IMPORTANT - MUST CHECK “Use this certificate as an HTTPS certificate authority”.
- Click Save, and then Done.
Installing the CA Certificate on a Windows Computer for Internet Explorer & Chrome
1. Locate the "ss_cacert.pem.crt" file on your computer and double-click on it.
2. Once you have the install certificate button available, select "Install Certificate".
* If you do not see the Install Certificate option close IE and then right click on IE and choose run as administrator and load the page again.
3. This will launch the Certificate Import Wizard.
4. Select the option “Place all certificates in the following store” and select browse.
5. Select "Trusted Root Certification Authorities" and click OK.
* In some cases you have to check show physical stores, then select “Local Computer” under Trusted Root Certification Authorities.
6. Confirm that "Trusted Root Certification Authorities" is selected and click Next.
7. Click Finish on Completing the Certificate Import Wizard
8. Click "Yes" on the security warning to install the certificate
9. You should get a message that the import was successful.
10. Certificate install is complete.
Installing the CA Certificate on a Windows Computer for Firefox
1. Open up Firefox and Click on the "Open Menu" icon in the top right corner.
2. Click on "Options" then "Advanced" then "Certificates".
3. Click on "View Certificates" then select the "Authorities" tab.
4. Click on "Import", then locate the "ss_cacert.pem.crt" file on your computer.
5. Make sure to check the "Trust this CA to identify websites.
6. Click "OK" when done and then scroll down until you see K12USA to verify that certificate is installed correctly.
7. Certificate install is complete.
Installing the CA Certificate on an Apple IOS Device
1. Either open the Safari web browser to the URL of the SecureSchool appliance SSL certificate page (ex http://192.168.1.1/ssl) or email the "ss_cacert.pem.crt" to an account then can be opened on the IOS device.
2. Click on the "ss_cacert.pem.crt" file or link in the web browser and you will be prompted to "Install Profile".
3. Click on "Install" top right corner, and you will be prompted to enter a passcode if you have one set.
4. Then you will get a security prompt warning, again click on the "Install" in the top right corner.
5. Then you will be asked to confirm that you want to install the Certificate, click on the "Install" on the bottom.
6. Then you should see a "Profile Installed", click "Done" to finish.
7. Certificate install is complete.