View this page in English

Censornet - internet filtering on your terms

BECTA Accredited products VMWare Certified Virtual Appliance Members of the Internet Watch Foundation Shortlisted for the BETT 2008 Awards Computer Security Awards finalist
Chat online now or call +44 (0) 845 230 9590 for help & advice

Search knowledge base

Product specific

Home » Knowledge base » The authenticitiy of the secure web site could not be verified

The authenticitiy of the secure web site could not be verified

July 19, 2011 • Customer Services       
Synopsis

The authenticity of the secure web site: XXXXXXXXXXXXXXXXXXXXXX could not be verified, the reason is: XXXXXXXXXXXXXXXXXXXXXXX appears in the web browser.

Article

This happens when SSL Intercept mode is enabled and CensorNet encounters a web site that has an invalid certificate or a certificate that is signed with a root authority that CensorNet does not know about, e.g. it is internal.

The easiest solution is to add the URL including the port 443 e.g. intranet.mydomain.com:443 to a Filter Bypass URL category.

For users on CensorNet Pro v1.4.x or above you have two options:

Firstly, you can disable the SSL cert verification (not recommended as it opens security holes from phishing sites and MITM attacks) by editing the file:

/etc/cnv4/cn_proxy.xml

Locate the line that reads:

<ssl_verify>1</ssl_verify>

...and change it to:

<ssl_verify>0</ssl_verify>

...save the file, exit the editor, then restart the filtering proxy service.

Alternatively, you can look at the SSL certificate for the web site in question (using a browser without proxy settings and check the Issuer of the certificate by clicking the padlock icon). Then contact the issuer of the certificate and get them to send you the relavent public certificate authority files to verify it. Send these files to Technical Support and we will install them onto your CensorNet server remotely.

Related articles


Last modified on Tue, July 19, 2011 « Back