Did you install the certificate?

Yes I did.

"IN" windows or the browser ?

I am all for using SSL inspection in the commercial world however, in may opinion its more trouble than its worth for home use.

When the wife starts asking why such and such doesn't work or she can't get to such and such site... You know, happy wife happy life.

At any rate, as dashpuppy stated, where did you install the cert?

Reference: https://support.untangle.com/hc/en-u...L-certificates

Let us know how you make out.

YOu know, i have that sign above my kitchen sink!

BTW, there is a reason why i put Cellphones & IOT devices all the same IOT network, because SSL inspection on phones & tablets is a HUGE PITA, it will work, then it breaks and all hell breaks loose ! Trust me, you don't need to inspect SSL on mobile devices, it does a horrible job of it and just causes issues. NOW for computers its totally different.

Both

You guys are absolutely right. It's a right pita. I've since disabled it. I don't need to hear it from the wife! I have multiple vlans: IoT, Main wifi (for adults), a guest network (which isn't really working with captive portal I might add, still playing with it) and one for my kid which has all the web filters blocking nasty stuff. It's been working great. I was just experimenting.

It only needs to be in "windows" not the browser. Just FYI..

On the phones, you will loose all your hair like i have !

By default, Firefox does not look at the Windows set of certificates, only its own set of certificates. However, you can configure Firefox to also trust the System's list of trusted certificates.

Alternate way by modifying default user profile.

Raw wiki article that KB article is likely based upon. https://wiki.mozilla.org/CA/AddRootToFirefox

For what it's worth, my general rule on SSL inspection is 'if you have a legal requirement to use it, fine; otherwise, don't bother'. It's a lot of trouble to get set up properly; requires modification of devices outside the NG Firewall itself; and ultimately doesn't really provide much in the way of additional effect. For example, Web Filter is just fine without SSL Inspector. App Control does its own DPI without needing SSL Inspector at all. The only app that sees a significant benefit from SSL inspection is Virus Blocker, and you shouldn't be relying entirely on gateway-based virus protection in the first place.

There's another method of SSL decryption — deep packet inspection — that works in a completely different way, usually requires dedicated hardware, and is entirely outside the realm of NG Firewall's capabilities. In that case, sure: inspect away. The man-in-the-middle-style inspection NG Firewall performs has its share of limitations and often times, the only solution is 'don't inspect that site'.