Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
The AD domain can directly push the certificate and get the PC in the domain to install the root certificate.
In an environment without domain control, choosing Online Activities > Advanced > SSL Certificate Distribution in the device is recommended.
How does the device determine whether the PC client is equipped with the root certificate?
If each endpoint has a marker, determine whether the root certificate needs inspection and whether it has passed the inspection.
If the root certificate needs inspection but does not pass the inspection, redirect to http://x.x.x.x/httpscert/https.htm?vlanid=xxx&url=xxxxxx&signver=xxxx, to inspect the root certificate. Whether the root certificate is installed can be determined by whether checkcert.js is loaded.
If the inspection passes, http://x.x.x.x/httpscert/handler is distributed to skip back to the originally accessed page, such as Baidu.
If it does not pass the inspection, http://x.x.x.x/httpscert/handler_failed is distributed to access the root certificate download page (http://x.x.x.x/httpscert/index.html).
A new root certificate MD5 will be distributed if the root certificate needs to be switched. When there is traffic from the user, a global root certificate MD5 will be compared with the user's original root certificate MD5. If both are not identical, the endpoint passing the inspection will be marked, and the SSL certificate will be redistributed.
Finally, the certificate can be manually installed. After downloading an installation package on the PC client, double-click it to install.
{{ $t('index.defaultHeader.chromeBrowserTip') }}