Views:

The issue occurs because if the HTTPS/SSL policy is enabled, the HTTPS traffic will be decrypted for scanning and will be reassigned a new TMWS root Certificate Authority. However, the browser does not recognize the new certificate.

To resolve the issue, import the new TMWS root Certificate Authority (CA) to the client’s trusted root certificates:

To download the TMWS root CA:

  1. Log in to the TMWS web console.
  2. Go to Policies > Global Settings > HTTPS Inspection.
  3. On the lower section, click on the following depending on your setup:
    • Download and install an SSL certificate (for cloud proxy) to client devices.
    • Download and install an SSL certificate (for on-premises proxy) to client devices.

    Global Settings

    Click the image to enlarge.

  4. Run the certificate and install it in Trusted Root Certification Authorities.

To import it in IE:

  1. Go to Start > Manage computer certificates.
  2. Click Trusted Root Certification Authorities, and then right-click the Certificates folder.
  3. Select All Tasks, and then click Import. This will open the Certificate Import Wizard.

    IE Import Certificate

    Click the image to enlarge.

  4. Make sure to import your TMWS certificate from the TMWS console.
  5. Follow the prompt to finish the wizard.

To import in Firefox:

  1. Go to Application Menu > Options. Privacy & Security > Certificates.

    Firefox Settings

  2. Click Privacy & Security, go to Certificates section, and then click View Certificates.

    View Certificates

    Click the image to enlarge.

  3. Select Authorities, then click Import.

    Import Certificates

    Click the image to enlarge.

     
    In Firefox, the CA cannot be imported to both the server and authorities. If the CA was imported to the server, delete it first.
     
  4. Navigate to the download folder and select the current_ca_cert.cer file.
  5. Select Trust this CA to identify websites, and then click OK.

For more information in deploying TMWS certificate, please refer to the following from our Online Help page: TMWS Certificate Deployment

To Deploy Certificate via GPO:

After downloading TMWS Certificate from the Web console, deploy the Certificate by using GPO.

Refer to the Microsoft Technet article: Deploy Certificates by Using Group Policy

For additional information, you can refer to another Microsoft Technet article: Distribute Certificates to Client Computers by Using Group Policy.

Keywords: sites not displaying correctly,distorted websites,HTTPS/SSL policy enabled,secure sites not showing properly