SSL Intercept is a new feature that allows SecureSchool to decrypt SSL/HTTPS packets from websites so they can be content filtered, URL filtered, and/or modify the request header. This will allow you to:
1.) Support Google’s “GoogleApps-Allowed-Domains” for specified domains and prevent access to personal accounts (https://support.google.com/a/answer/1668854?hl=en)
2.) Block access to YouTube (if you want), or allow individual YouTube videos by Video ID and still allow access to Google apps
3.) Allow all users (including Students) to access ANY site over HTTP/SSL since they will now be content filtered.
To use SSL Intercept you need to have an appliance that can support the additional processing power required for the SSL encryption and decryption, then you will need to install the SecureSchool CA Certificate from your SecureSchool appliance. Since SSL Intercept is enabled per filter set, you only have to install the certificate on devices using the filter set or sets that have SSL intercept enabled, but it will NOT cause any issues to install the certificate on all of your computers ahead of time.
The SSL protocol encrypts the connection between the client and the website/server so any content filter in between (like SecureSchool or ANY other filter) can’t actually see any content other than the hostname. This prevents the content filter from filtering on the full URL or the actual content of the page. With SSL Interception, and with the clients having a CA certificate installed from the SecureSchool appliance, we to intercept the traffic between the client and the website. SecureSchool then creates a secure connection to the website and a separate secure connection to the client. Since we are in the middle we get to see the un-encrypted content and can filter based on the full URL and the content of the page.
To use this feature you need to have the SecureSchool CA Certificate installed on the client devices. In this Knowledge Base Article, Installing SecureSchool CA Certificate for SSL Intercept, we show you how to deploy the certificates with a Group Policy Object (GPO), with the Google Admin Console for Chromebooks, on FireFox Browser and on an Apple IOS device. For mobile devices, most MDMs provide a way to deploy certificates as well.