Google are about to withdraw their nosslsearch option that web filtering systems, including Protex, use to filter Google searches and to blank inappropriate image thumbnails in Google image search. The effect of this is to force all Google searches to be encrypted between the browser and the Google servers using https. For that reason E2BN Protex and other filtering providers are introducing https content-inspection for Google search in order to maintain the level of filtering protection currently provided.
This means that schools will be required to install a ProtexRootCA certificate on every device.
ALL users of Protex need to install the certificates to avoid encountering browser certificate errors when accessing Google following the system upgrades.
Further details are available on the Protex website here: http://protex.e2bn.org/cms/help/sslcerts.html
Below are instructions for the most common scenarios:
Installation via Group Policy (Active Directory) - for IE on Windows Vista 7 and 8
THIS IS THE PREFERRED OPTION: whenever possible use Group Policy to distribute the certificate to every Windows computer on your network as installing on individual computers is time-consuming. In addition, we have now had several issues reported with getting the certificate to install correctly - usually related to local differences in administrative user permissions.
Download and the .crt file from http://protex.e2bn.org/certs/ProtexRootCA.crt
- Open the Group Policy object (GPO) that you want to edit.
- In the console tree, click Trusted Root Certification Authorities here:
Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities
- On the Action menu, point to All Tasks, and then click Import.
This starts the Certificate Import Wizard, which guides you through the process of importing a root certificate and installing it as a trusted root certification authority (CA) for this GPO.
Installation - Standalone Device - Windows 8 single or multiple users - Windows 7 single User
Note: this must be done by a user with Administrative rights - in particular the user must have the right to add a certificate to the Trusted Root Certification Authorities store.
Download and the .crt file from http://protex.e2bn.org/certs/ProtexRootCA.crt. This should save it into your documents/or downloads folder. Locate the .cer file in your documents or download folder. Double-Click the file and accept any UAC warnings. You should then be presented with a screen similar to below this:
Click on "Install certificate..." and select Local Machine and the store location Trusted Root Certificate Authorities
Install the certificate in the Trusted Root Certificate Authorities directory shown in the image below, if you do NOT install the certificate in this directory Protex will NOT function correctly.
Click "Next" and then "Finish" to complete the process.
NOTE on Windows 7. If the Certificate icon has a red cross next to it the installation has failed even though it is reported as being successful. The certificate HAS been imported but is NOT trusted. See this article for possible solutions. Whenever possible it is best to use the Group Policy the distribute the root certificate.
Installation on Windows 7 - Standalone Device with multiple users
To add certificates to the Trusted Root Certification Authorities store for a local computer
Administrators is the minimum group membership required to complete this procedure.
- Click Start, click Start Search, type mmc, and then press ENTER.
- On the File menu, click Add/Remove Snap-in.
- Under Available snap-ins, click Certificates,and then click Add.
- Under This snap-in will always manage certificates for, click Computer account, and then click Next.
- Click Local computer, and click Finish.
- If you have no more snap-ins to add to the console, click OK.
- In the console tree, double-click Certificates.
- Right-click the Trusted Root Certification Authorities store.
- Click Import to import the certificates and follow the steps in the Certificate Import Wizard.
Installation on OSX
Download the .crt certificate file - http://protex.e2bn.org/certs/ProtexRootCA.crt - and save it in a directory you will remember. For example, your desktop.
Double click on the certificate and should should get the following screen. Click "Always Trust".
Enter your administrator account password and click on "Update Settings" to install the certificate. The certificate is now installed for this account only. To make it available to all users of this OSX device start the Keychain Access utility (in Applications/Utilities) and copy the certificate from the login chain to thesystem one. Use "Right-click" when copying and pasting the certificate item and you will also need to enter and the password again to complete the copy.