→ Applies to: SynetoOS 5.x

Some customers use transparent proxies that intercept SSL traffic to scan it for viruses and malicious content. This is done by generating "imitated" certificates that are used for every HTTPS connection intercepted. These certificates, however, are not publicly verifiable, which means that no device (including SynetoOS) will be able to trust HTTPS connections through this proxy.

To resolve this issue, you need to add the proxy's CA certificate to the list of certificates trusted by SynetoOS.

Step 1. Connect to SynetoOS appliance via SSH as admin

ssh admin@<your_ip_address_or_hostname>

Step 2. Become Super User

sudo su

Step 3. Obtain the proxy's CA certificate

The certificate must be obtained from the proxy administrator or the client network.
It must be in PEM format and saved under the name privateCA.crt

Step 4. Download the certificate in SynetoOS, within tmp folder (use software like WINSCP)

Step 5. Copy the certificate in the correct position

cp /tmp/privateCA.crt /etc/pki/ca-trust/source/anchors/

Step 6. Set permissions and owner

chmod 644 /etc/pki/ca-trust/source/anchors/privateCA.crt

chown root:root /etc/pki/ca-trust/source/anchors/privateCA.crt

Step 7. Update the list of trusted certificates

update-ca-trust