Choosing SSL
Intercept Mode from the menu displays the following screen (Figure 4.25).
Figure 4.25 – SSL Intercept Mode
SSL Intercept Mode
is a means where, if enabled, every time you visit a site with a URL of the
form https://somesite.com the CensorNet
will offer the browser its own Certificate.
If the browser accepts it, then the CensorNet has access to the data “in
the clear” and can provide its filtering on https sites. If the active filter configuration would then
permit such a site to be visited, the CensorNet will then re-encrypt the
traffic before continuing communication with the target site.
Such decryption and
re-encryption of the data stream takes significant amounts of resource and it
is for this reason that by default the option is disabled.
If you choose to
enable it you should be sure that your CensorNet has sufficient resources in
terms of processor capacity and RAM to cope with the number of users who may be
going through the system. You should
also ensure the following.
That you click the “Download CA Certificate” button and save the file. You then need to import this certificate into
every browser on your network. Please
see our separate guide for instructions on doing this.
Related Topics