BYOD/Android certificate substitution problem
We have a particular problem with certain devices and our wireless BYOD setup.
Essentially, users connect to an open network and authenticate via a captive portal (AD integrated) for Internet access.
The connection is filtered and goes out via a firewall at layer 3/4. All's OK apart from when the user tries to access an SSL-enabled website. The firewall decrypts the SSL session, then re-establishes an SSL session, replacing the real certificate with an SSL certificate generated on-the-fly by the firewall. The problem is the BYOD devices don't trust the certificate (can't be verified) as they don't have the root certificate installed.
Is there a simple way to resolve this issue? Is there any easy way to push out the root cert to users' devices? I wondered if we could place a copy of the root certificate on our website, that users could be instructed to download using the URL e.g. go to website.com/root.cert?
I know one way is to copy the certificate to the SD card, but our users would find this too complicated.
Any advice is much appreciated.
PS The connection goes via Bloxx (filtering) and Watchguard (firewall) but I can't quite remember which is performing the SSL decryption/re-encryption.
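
The download-by-URL idea raised in the question, sketched as an added example (not part of the original post, and not Bloxx or Watchguard code): a small server that offers the root CA in DER form with the conventional CA-certificate MIME type and prints its SHA-256 fingerprint so users can compare it against one handed out separately before trusting it. The `/root.crt` path, the port, and the placeholder certificate bytes are assumptions, as is the expectation that the device's browser passes this MIME type to its certificate installer.

```python
import hashlib
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder bytes, NOT a real certificate; substitute the
# root CA exported from whichever device performs the SSL decryption.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real CA")

# Conventional MIME type for a CA certificate download.
CA_MIME = "application/x-x509-ca-cert"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form certificate viewers show."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def route(path: str, der: bytes):
    """Map a request path to (status, content type, body)."""
    if path == "/root.crt":  # hypothetical path chosen for this example
        return 200, CA_MIME, der
    return 404, "text/plain", b"not found\n"


def make_handler(der: bytes):
    """Build a request handler bound to one certificate."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, ctype, body = route(self.path, der)
            self.send_response(status)
            self.send_header("Content-Type", ctype)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
    return Handler


if __name__ == "__main__":
    # Serve the binary (DER) encoding rather than the PEM text.
    der = ssl.PEM_cert_to_DER_cert(SAMPLE_PEM)
    # Give users this value on paper or another trusted channel, not over
    # the open wireless network the certificate is downloaded on.
    print("Root CA SHA-256 fingerprint:", fingerprint(der))
    HTTPServer(("127.0.0.1", 8080), make_handler(der)).serve_forever()
```
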