Overview
TLS inspection is a prerequisite for many Cato security products like IPS, RBI, Anti Malware etc. Every Client device that connects to the Cato Cloud must have the Cato or Custom root certificate installed as a trusted certificate for TLS inspection to take place. Failure to install the root certificate will prevent TLS Inspection and prevent the Cato Cloud from inspecting traffic from the device. This article shows how to verify if Cato or Custom Root Certificate is installed on your Windows or Mac device. It also shows how to locate the Root Certificate on the browser/device.
NOTE: For simplicity, the examples shown in this article are geared towards verifying of Cato Root Certificate. For Custom Root Certificate, the steps are exactly the same, except that instead of identifying for Cato CA, you should be looking out for your custom Root CA.
For instruction on how to install Cato Root Certificate, refer to How to install the Cato Certificate
For instruction on how to install Custom Root Certificate, refer to Securing-Traffic-with-TLS-Inspection-Using-Private-Certificates
Instructions
Verifying Installation of Root Certificate
A simple way to verify that the Cato Root Certification is installed and working is to browse to https://example.com while the device is connected behind a socket site, or while you are connected to your SDP client. In this section, we will show you how to verify if the Cato Root Certificate is installed on some of the commonly used browsers in Windows and Mac.
Microsoft Edge or Internet explorer
Chrome
If Cato Root CA is installed, clicking on the "lock" icon in the address bar and it will show "Connection is secure".
If the Cato Root CA is not installed, you will get a prompt stating that "Your Connection is not private".
Firefox
If Cato Root CA is installed, clicking on the "lock" icon in the address bar and it will show "Connection secure".
If the Cato Root CA is not installed, you will see the page "Software is Preventing Firefox From Safely Connecting to this Site.
Edge or Internet Explorer
If Cato Root CA is installed, clicking on the "lock" icon in the address bar and it will show "Connection is secure".
If the Cato Root CA is not installed, you will see the Not secure on the Address bar, and clicking on it will show that "Your connection to this site isn't secure".
Safari
If Cato Root CA is installed, the "lock" icon can be seen in the address bar. Clicking on it will show "Safari is using an encrypted connection to example.com".
If the Cato Root CA is not installed, you will see "This Connection Is Not Private".
Location of the Cato Root Certificate
The following section shows where to locate the Cato Root Certificate for the above browsers. For Mac devices, if a root certificate is installed on the system Keychain, it will be inherited by all applications that use the system's certificate store, including web browsers like Safari, Chrome, Edge, etc. In this section, we will also show you how to verify if the Cato Root Certificate is installed on the system keychain on your Mac.
Chrome:
- Go to chrome://settings.
- On the left, click Privacy and security.
- Click Security.
- Scroll to Advanced.
- Click Manage certificates and make sure you can see the Cato Network CA under the Trusted Root Certification Authorities
Firefox
- Launch Firefox
- Click on the hamburger icon on the top right and go to Settings
- Click on Privacy & Security
- Scroll to View Certificates and make sure you can see the Cato Networks
Edge
- Go to edge://settings/privacy
- Scroll down to the Security section and click on Manage Certificates
- The Certificates prompt box will open. Click on Trusted Root Certificate Authorities and you should see Cato Networks CA under it.
Mac
- Click on the "Finder" icon in the Dock (the icon with a smiling face).
- Go to the "Applications" folder.
- Open the "Utilities" folder.
- Double-click on "Keychain Access".
- Keychain Access will open
- Make sure you can find Cato Networks CA
0 comments
Please sign in to leave a comment.