Troubleshooting HTTPS Decryption in SchoolProtect
When testing or after enabling HTTPS decryption, you might find that some devices or applications stop behaving properly because they either don't have the certificate installed correctly or the application does not support decryption.
These are some steps you can take when troubleshooting HTTPS decryption.
Nothing works on a device or getting 'your connection is not private' errors
This probably means the device hasn't got the certificate installed correctly. Please check you have followed the steps here. If you are deploying the certificate through MDM/GPO/Google, you might need to restart the devices a few times or disabled decryption while the policy is downloaded.
You can check if the certificate is installed by visiting certificatecheck.lgfl.org.uk.
Certain applications are not behaving properly
If most websites are still accessible after turning on decryption but you discover individual sites or applications that don't work you can run a report to troubleshoot decryption:
- In SchoolProtect, go to Reports > Create Report.
- Select On Demand and Detail, then choose IP Report from the dropdown
- Under Restrict only to these categories, click Not Restricted and select Malformed URL
- In the following steps, set the timeframe and IP address of the the device that had issues and run the report.
- The report produced will show any domain names that are not compatible with decryption. These can be added to the exclusion list in SchoolProtect.
Repeat this process for each application or site that isn't working.
Verifying HTTPS decryption is enabled
To verify that HTTPS decryption is working correctly on your device(s), you can do the following checks:
- Visit an HTTPS website, e.g. www.google.com in Chrome/Edge
- Click on the site information icon in the address bar, Connection is secure then Certificate is valid
- The presented certificate should show Issued By as LGfL WebScreen HTTPS Decryption as the Common Name (CN)
