Links to ProtexRootCA certificates:
.crt format: http://protex.e2bn.org/certs/ProtexRootCA.crt
.der format: http://protex.e2bn.org/certs/ProtexRootCA.der
You can use this URL - https://protex-ssltest.e2bn.org/ - to check that the certificate has installed correctly.
Protex responds to changes on Google Search - please act now
Google are about to withdraw their nosslsearch option that web filtering systems, including Protex, use to filter Google searches and to blank inappropriate image thumbnails in Google image search. The effect of this is to force all Google searches to be encrypted between the browser and the Google servers using https. For that reason E2BN Protex and other filtering providers are introducing https content-inspection for Google search in order to maintain the level of filtering protection currently provided.
Local Authorities have already been alerted and will be contacting their own schools about the changes they need to make in order to continue to benefit from Protex's ability to filter Google searches. Essentially, schools will be required to install a ProtexRootCA certificate on every device.
We are rolling out a filtering upgrade programme and many Protex systems have already been upgraded to V4.0r - this upgrade switches on https content inspection for all users and devices that access the internet via Protex.
ALL users of Protex need to install the certificates NOW to avoid encountering browser certificate errors when accessing Google following the system upgrades.
As this change by Google affects all filtering products, schools not using Protex should urgently consult with their filtering provider regarding this issue.
For more information about what you need to do please read these Frequently Asked Questions
Installing the E2BN Trusted Root Certificate
THIS IS THE PREFERRED OPTION: whenever possible use Group Policy to distribute the certificate to every Windows computer on your network as installing on individual computers is time-consuming. In addition, we have now had several issues reported with getting the certificate to install correctly - usually related to local differences in administrative user permissions.
Download and the .crt file from http://protex.e2bn.org/certs/ProtexRootCA.crt
1. Open the Group Policy object (GPO) that you want to edit.
2. In the console tree, click Trusted Root Certification Authorities here:
Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities
3. On the Action menu, point to All Tasks, and then click Import.
This starts the Certificate Import Wizard, which guides you through the process of importing a root certificate and installing it as a trusted root certification authority (CA) for this GPO.
Note: this must be done by a user with Administrative rights - in particular the user must have the right to add a certificate to the Trusted Root Certification Authorities store.
Download and the .crt file from http://protex.e2bn.org/certs/ProtexRootCA.crt. This should save it into your documents/or downloads folder. Locate the .cer file in your documents or download folder. Double-Click the file and accept any UAC warnings. You should then be presented with a screen similar to below this:
Click on "Install certificate..." and select Local Machine and the store location Trusted Root Certificate Authorities
Install the certificate in the Trusted Root Certificate Authorities directory shown in the image below, if you do NOT install the certificate in this directory Protex will NOT function correctly.
Click "Next" and then "Finish" to complete the process.
NOTE on Windows 7. If the Certificate icon has a red cross next to it the installation has failed even though it is reported as being successful. The certificate HAS been imported but is NOT trusted. See this article for possible solutions. Whenever possible it is best to use the Group Policy the distribute the root certificate.
Installation on Windows 7 - Standalone Device with multiple users
To add certificates to the Trusted Root Certification Authorities store for a local computer
Administrators is the minimum group membership required to complete this procedure.
Download the .crt certificate file - http://protex.e2bn.org/certs/ProtexRootCA.crt - and save it in a directory you will remember. For example, your desktop.
Double click on the certificate and should should get the following screen. Click "Always Trust".
Enter your administrator account password and click on "Update Settings" to install the certificate. The certificate is now installed for this account only. To make it available to all users of this OSX device start the Keychain Access utility (in Applications/Utilities) and copy the certificate from the login chain to the system one. Use "Right-click" when copying and pasting the certificate item and you will also need to enter and the password again to complete the copy.
Use Safari Browser to navigate to http://protex.e2bn.org/certs and click the .crt link on this page. The device should prompt the user to install the certificate. Installation can also be done via MDM system such as Apple Configurator - download the file on the management system and then add to the Profile payload Certificates section and deploy to your devices.
Click "Install" at each point until you come to the screen confirming that the certificate is trusted:
Click on the link above and you should be presented with the screen below.
Tick all three boxes on the next screen and click OK
Download and the .crt file from http://protex.e2bn.org/certs/ProtexRootCA.crt. Open the certificate and name it.
On android devices you must set a password before you can install any certificates but you may remove the password after the processe has been completed.
Press "OK". Then enter a password and press "Done".
You should then have a message on screen saying that the certificate has been installed.
Download and the .crt file from http://protex.e2bn.org/certs/ProtexRootCA.crt and save it to a convenient location.
Follow the instructions here on setting up your Chromebook for SSL interception and installing the certificate.