How do I install a WatchGuard Deep Packet Inspection root certificate onto a Ubuntu Linux workstation?

I have a Ubuntu 16.04 workstation behind a WatchGuard firewall doing deep packet inspection. How do I add the DPI root certificate to the workstation in order to not be constantly told all the certificates are invalid?

1 Answer

Download the certificate from the firewall's certificate portal website. You can find it at the address below. Replace firewall.ip.addr.ess with your firewalls IP.

If you don't know your firewall IP, it is a good chance that it is your default gateway. Use this command to find your default gateway.

netstat -nr |egrep ^0.0.0.0|awk '{print $2}'

Make a directory in your local root certificate store to put your certificate into and move the file in being sure the certificate extension is changed to *.crt.

sudo mkdir /usr/local/share/ca-certificates/wg-dpi/
sudo cp ~/Downloads/ProxyCA.cer /usr/local/share/ca-certificate/wg-dpi/watchguard-dpi.crt

Update your Certificate Authority store. The command output should confirm adding one certificate.

sudo update-ca-certificates

You should see something like this at the end of the output.

Certificate added: O=WatchGuard_Technologies, OU=Fireware, CN=Fireware HTTPS Proxy (SN 80DA00F0B0000 2016-19-77 22:46:25 UTC) CA
1 new root certificates were added to your trust store.

If you are using the Chrome web browser

  • In chrome, enter the URL: chrome://settings/advanced
  • Select "Manage Certificates" Button
  • Click "Authoritities" Tab
  • Click "Import" button
  • Enter "/usr/local/share/ca-certificate/wg-dpi/watchguard-dpi.crt"
  • Select "Open"
  • Select "Done"
  • Restart Chrome

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like