Knowledgebase
Validating SSL certificates
Posted by Michael Skoupý on 16 July 2019 09:12 AM

Safetica endpoint client decrypts network connections in order to monitor and restrict user actions performed on the network (visiting web sites, uploading files, synchronizing cloud files, etc.).

After decrypting a network connection, Safetica encrypts it again using its own self-signed certificate. As a side effect, web browsers may recognize this behavior as valid and trusted even when the end user visits untrusted connections, such as unsecure or phishing web sites.

Safetica, therefore, performs additional connection validation to verify web sites’ certificate hierarchy and confirm that all involved certificate authorities are to be trusted.

To work correctly, this certificate verification requires that the logged in user has connectivity to web sites’ certificate authorities. With connectivity limited, the verification may fail and visited web sites may be marked untrusted by web browsers.

Safetica validates SSL certificates using native Windows verification, follows cybersecurity best practices and is also aligned with the standards used by the Chromium project, which serves as the basis for a variety of modern web browsers.

For more information on how to Safetica overview SSL certificates please go see the article: Overview of digital certificate use in Safetica