How to fix certificate verification issues caused by a transparent SSL proxy in SynetoOS 4

Written By Christian Castagna (Administrator)

Updated at December 18th, 2024

→ Applies to: SynetoOS 4.x

Some customers use transparent proxies that intercept SSL traffic to scan it for viruses and malicious content. The proxy does this by generating "imitated" certificates, which it presents for every HTTPS connection it intercepts. These certificates, however, are not publicly verifiable, meaning that no device (including SynetoOS) will be able to trust HTTPS connections through this proxy.

To resolve this issue, you need to add the proxy CA certificate to the list of certificates trusted by SynetoOS.

 

Step 1. Connect to the SynetoOS appliance via SSH as admin

ssh admin@<your_ip_address_or_hostname>

 

Step 2. Remove bash_profile

rm ~admin/.bash_profile

After running the command, log out and log back in.

 

Step 3. Become Super User

sudo su

 

Step 4. Obtain the proxy's CA certificate

The certificate must be obtained from the proxy administrator or the client network.
It must be in PEM format and saved under the name privateCA.crt

 

Step 5. Transfer the certificate to the /tmp folder on SynetoOS (use software like WinSCP)

Step 6. Copy the certificate to the trust anchors directory

cp /tmp/privateCA.crt /etc/pki/ca-trust/source/anchors/

 

Step 7. Set permissions and owner

chmod 644 /etc/pki/ca-trust/source/anchors/privateCA.crt
chown root:root /etc/pki/ca-trust/source/anchors/privateCA.crt

 

Step 8. Update the list of trusted certificates

update-ca-trust
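
Before copying the file in Step 6, it helps to confirm that /tmp/privateCA.crt really is a PEM-encoded, unexpired CA certificate and to compare its fingerprint with the value supplied by the proxy administrator. The following check is an added example, not part of the original Syneto procedure; check_proxy_ca is a hypothetical helper name, and it assumes the openssl command is available on the appliance.

```bash
# Added example: sanity-check a proxy CA certificate before trusting it.
# check_proxy_ca is a hypothetical helper, not a SynetoOS command.
# Usage: check_proxy_ca /tmp/privateCA.crt
# Return codes: 0 ok, 1 unreadable, 2 not PEM, 3 not a CA, 4 expired.
check_proxy_ca() {
    # The file must exist and be readable.
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }

    # PEM files carry a textual BEGIN CERTIFICATE marker; DER files do not.
    # The body must also parse as an X.509 certificate.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" \
        && openssl x509 -in "$1" -noout 2>/dev/null \
        || { echo "not a PEM certificate: $1" >&2; return 2; }

    # Only a CA certificate (basicConstraints CA:TRUE) can vouch for the
    # certificates the proxy generates; a server (leaf) certificate cannot.
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate: $1" >&2; return 3; }

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate has expired: $1" >&2; return 4; }

    # Print the identity details to compare, out of band, with the values
    # the proxy administrator reports for the proxy's CA.
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}
```

Anything added under /etc/pki/ca-trust/source/anchors/ becomes trusted for every HTTPS connection the system makes, so only continue to Step 6 when the check returns 0 and the SHA-256 fingerprint matches.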