Print

Print


Latest twist: 

I'm using Securly's DNS servers on my own Mac today, just to see how it goes. In the last 15 minutes or so, I've gotten this repeatedly when doing Google searches on innocent subjects:

---------
select timeZone from user where email = "[log in to unmask]";Aiyee, server messed up. Details have been mailed to us. Please try again or check back shortly. Thanks.Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
---------

lol. "Aiyee" indeed. Opened a support ticket. Maybe this is what's *actually* happening to my users intermittently, and it has nothing to do with certificates. 

-- MB

On Thu, Oct 22, 2015 at 12:01 PM, Marion Bates <[log in to unmask]> wrote:
OK...wait...so.

The Mac keychain install I've done on school Macs -- does that only "help" Safari? Do we have to install the cert to our Macs' Chrome and Firefox browsers individually *also*? I have pushed it down to Chromebooks, but that's at the device level. From Securly's KB article I got the impression that Chrome on the Mac "inherits" certs and trust settings from the Mac's system Keychain. Is that not the case?

I didn't realize that Firefox needed its own installation/configuration. I thought it too looked at the Mac Keychain. What a PITA.

iPads: We've deployed the .pac file, the global proxy profile, and the Securly certificate via our MDM, months ago. Yesterday, with the DNS filter enabled, the Google Search "app" worked, while Google searches in Safari did not. Today, I have disabled the DNS-based filter altogether, and I'm now hearing that kids' iPads are able to search in Safari, but NOT the Google Search app. Stuff that works for the kids when they're home, breaks when they're on our network.

This is maddening.

Thanks again for your help.

-- MB


On Thu, Oct 22, 2015 at 11:48 AM, Mike Kanfer <[log in to unmask]> wrote:
Are you using Firefox?  It requires its own certificate.

On Thu, Oct 22, 2015 at 11:24 AM, Marion Bates <[log in to unmask]> wrote:
Okay, THANK YOU Mike! 

The mystery remains, though. When I did this back in July, I deployed a pkg that ran this command:

/usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $1/Contents/Resources/securly_self_signed_cert_exp_20200130.der

This has the effect of adding the cert to the system keychain and always trusting it:

Inline image 1

That's been done on all of our school Macs; yet, this week, we've had users encounter trust warnings left and right, for basic stuff like drive.google.comAnd, that "securly_self_signed_cert_exp_20200130.der" is identical to the "securly_SHA-256.crt" file that I just downloaded from their KB article. 

Guess I'll keep digging...

Thanks again,

-- MB 

On Thu, Oct 22, 2015 at 9:48 AM, Mike Kanfer <[log in to unmask]> wrote:
Check out http://support.securly.com- click on the In School DNS choice and the See All 13 Articles under the Deployment section.  It has answers for everything there.

On Thu, Oct 22, 2015 at 9:38 AM, Marion Bates <[log in to unmask]> wrote:
Hi,

If you use Securly DNS-based filtering on your network, could you point me to KB article(s) or any other resource you might have, regarding step-by-step instructions for doing whatever voodoo is necessary for client certificate setup on desktop OS's (in our case, Macs), iOS, and Chromebooks? I thought I had done the needful this summer, but it keeps breaking, and the turnaround time with support is pretty atrocious lately. 

Thanks,

-- MB

--
Marion Bates, District Technology Supervisor
School Administrative Unit 70
Hanover, NH | Norwich, VT
Office: (603) 643-3431 x2714
http://www.sau70.org/

-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT


-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT




--
Marion Bates, District Technology Supervisor
School Administrative Unit 70
Hanover, NH | Norwich, VT
Office: (603) 643-3431 x2714
http://www.sau70.org/

-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT


-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT




--
Marion Bates, District Technology Supervisor
School Administrative Unit 70
Hanover, NH | Norwich, VT
Office: (603) 643-3431 x2714
http://www.sau70.org/



--
Marion Bates, District Technology Supervisor
School Administrative Unit 70
Hanover, NH | Norwich, VT
Office: (603) 643-3431 x2714
http://www.sau70.org/

-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT