I have added a new page onto the blog, I strongly suggest you read it: http://hics.lea.herts.sch.uk/tech/content-filtering/ssl-inspection/
As explained in the above URL, Google advise they will be making some changes and this will impact your school. If you wish to continue with the existing safe settings, you will need to import the certificate into all devices on your network. Browsing here: http://ssl-filtering.updata.net will provide the instructions required to talk you through what needs to be done. There is also a large message in the middle of the page which clearly tells you whether or not the certificate has been correctly installed or not. Once you are happy that this has been deployed throughout the network, Updata need to enable SSL inspection for your school. Updata are looking to roll this out in a controlled manner. Whilst this is a sensible stance, I am equally keen for Updata to proceed as quickly as possible! However, I strongly suggest you get the certificates deployed throughout the network so you are ready to go. Once you have done this, please email email@example.com to advise.
Some key points:
Google’s safe search will be forced on with or without SSL inspection – so you will not lose that functionality don’t worry. Once Google make the change scheduled for 24/6, without SSL inspection the search keywords functionality will disappear. This means, that users will be able to search on any term they wish…and get a ‘safe’ return because the Google safety mode will still kick in. With SSL inspection turned on, users will once again be restricted as to what term they can search on.
This is HTTPS already.. Without SSL inspection (as it stands), ALL searches and images in Yahoo will come up when searching, hence the reason for restricting access to this website for WF1 users only. There is no filtering on the search results in Yahoo. However, with SSL inspection enabled, the safety settings will return. Please be aware that for the foreseeable future, Yahoo will stay on WF1 only.
YouTube is also currently HTTPS but with SSL inspection enabled, all unsafe videos will not be viewable. As it stands users can currently disable safety mode. In truth, we receive very few related queries on this… But it’s something to be aware of.
Bing has a HTTPS site (only accessible on WF1) and without SSL inspection, it produces unsafe results. The HTTP site is fully accessible, search keywords work and safety mode is forced on. With this in mind, you may want to suggest this search engine for the time being.
The transparent proxy:
For now, SSL inspection will not be available on this network. The proxy component needs to be changed and discussions are under way for this to happen. Google safe search will be forced on for these users. Further communications will follow..
Import the certificates first:
If Updata enable SSL inspection first, users will get error messages when trying to browse to Yahoo, Google and Yahoo. So once you are happy with you preparation, please then get in touch with us.
If you have a particular IP addresses you do want to have SSL inspection deployed for, we can arrange this. I’ll give you an example why you may want this.. We have trialled 10 schools on the network for this. One of them reported that their active directory was no longer syncing with the Google cloud, so Updata disabled this particular IP address from having the SSL inspection capabilities – even though it was permitted for the rest of the LAN. The issue has since been fixed by Updata and SSL has been turned on for this IP address once again.
Myself and my colleagues have been busy highlighting these pending changes to schools. Communications are being sent out, and Head Teachers have been briefed on this, so you are likely to be asked questions.
As ever, if you do have any queries on this please get in touch. If you’d be kind enough to email firstname.lastname@example.org in the first instance, it would be appreciated.