The 'SSL interception' functionality provided by Smoothwall gives us the ability to intercept and filter inappropriate web traffic and search results. In order to perform SSL interception, Learning Academies Trust needs to decrypt, analyse, and then re-encrypt all traffic using a security certificate issued from our Smoothwall appliance. This certificate will ensure that you and other users remain protected from inappropriate content when accessing our internet.
In an environment with direct access to the internet, web traffic is encrypted by the server and then transfered directly to the user for decryption (as shown in the diagram below). An SSL certificate is used to establish a secure connection between the source (server) and destination (you) to ensure nobody can view your browsing or personal information.
To protect our users and to remain compliant with the filtering and monitoring requirements within the Keeping Children Safe in Education documentation, we route all internet connectivity through our Smoothwall appliances. Internet traffic is then decrypted, analysed and re-encrypted, during which any inappropriate content is blocked from reaching your device and logged on our reporting systems.
To analyse the web content you are accessing, we intercept the encryption between the server and your device (as shown in the diagram below). Your computer will then display an error message alerting you to an 'insecure' connection. This is because our Smoothwall appliance re-encrypts the data with a new certificate that your computer does not trust.
If you wish to use the internet on a personal device at one of our schools, you will need to manually install the certificate to our Root Certificate Authority. This will enable your device to trust our Smoothwall appliances and provide access to your re-encrypted information. If you are using a school issued device, the certificate will be installed automatically.
To protect our users and the security of their devices, the Root Certificate is only valid for a period of two years. After the certificate has expired you will need to install the new root certificate to continue receiving internet access.
Please note we exclude all online banking requests from HTTPS interception. Therefore the certificate you receive will be directly issued from the banking website. If this page shows as insecure (check for the padlock icon on your browser), we would advise not to proceed or enter any personal information.
For more assistance in accessing our internet, please use the buttons below to find out if you have the certificate installed already and the instructions on installing the certificate if you need to.
If you have any queries, please contact our technical support team via firstname.lastname@example.org or call 01752 938035.