Answer
When HTTPS inspection is enabled, there are actually two secure connections for each HTTPS session; one between the web server and the WebMonitor Proxy and one between the WebMonitor Proxy and the client browser.
In both cases, for the connection to be established, the client must verify that the certificate is signed by a Certification Authority that it trusts. This effectively means that in order for your client machines to be able to access HTTPS sites, they need to trust the certificate that WebMonitor is using to sign certificates. Certification Authorities certificates trusted by Windows machines, will be stored in the Trusted Root Certification Authorities certificate store.
By clicking the Export Certificate button (CER format), you will be able to save the certificate to disk. This will then allow you to deploy your certificate. There are two ways to deploy the certificate to your client machines, via Group Policy in an Active Directory domain environment or manually in other environments.
To deploy the certificate manually, perform the following steps:
- Copy the certificate to the client machine
- On the client machine go to Start > Run...> type mmc.exe and press Enter
- In the MMC window, select File > Add/Remove Snap-in
- Click the Add... button, select Certificates and click Add
- Select Computer Account and click Next
- Select Local computer and click Finish
- In the MMC, browse to the Certificates (Local Computer) > Trusted Root Certification Authories node
- Right click the node and select All Tasks > Import
- Locate the certificate copied in step 1 and import the certificate
- Leave the password field blank and proceed to the end of the wizard
To verify that the certificate was imported successfully, from the client machine browse to any HTTPS site using Internet Explorer, and verify that no warnings are shown.
Note: Some applications or browsers (e.g. Mozilla Firefox), might have their own custom certificate store. For such applications the certificate will need to be imported to the customer store separately. To import the certificate in Firefox, perform the following steps:
- Go to Tools > Options > Advanced > Certificates > View Certificates > Authorities
- Click the Import button and select the certificate
- Click OK