Provide an easier way to deploy SSL Decryption CA on mobile devices
I again noticed last night, the issue of getting Cert's onto Client devices in order for HTTPs decrypt and scan to work. Its fine for us IT people or Techies but for end users its always a headache (well in my case it has) So I wondered if it would be possible for Cert installation to be added as a feature of either Sophos Mobile control or another App that can be downloaded via the XG user portal or even just a link on the user portal (we already have the Client Auth cert on the user portal for IOS/Android so why not add the HTTPS decrypt and scan cert too)? That could be downloaded or logged onto so that users can easily install the HTTPs decrypt and scan Cert, I realise it can be done via an MDM solution but not everyone will have access to an MDM solutions so it would be a great idea if something could be done for Sophos XG licence holders..
John Kenny commented
This has been implemented to an extent in the v18 dpi engine but would be nice to have an easier way to export and install the ssl cert for end users still as even with the dpi engine you still should install the https decrypt cert.
I would really like it if teh Authentication Client automatically installed relevant Certificates from the firewall. I have a couple ideas about how this could be implemented:
1) During the download and installation the relevent certificates could be downloaded and installed.
2) During operation the client could sense a network location and firewall change (e.g. work/home) and suggest downloading and installing new certificates to support the firewall you are now sitting behind.