Short answer: We don't _need_ this. Not yet, anyways.

Slightly longer answer: The powers that be are asking for me to block YouTube for some students, allow YouTube for Schools for the rest, and unfiltered YouTube for staff. It's possible with our current filter, but the way to get the best results (including https:// access to YouTube, which is often the default) is to have SSL inspection. I'd like to have SSL inspection anyways, as many sites are going to SSL/TLS encryption anyways... some without the option for regular http access...

The only other option is to configure a proxy instead of the current transparent proxy setup we have now. We have done that in the past, with mixed results.

The various responses I've received so far have halted my test deployment, as I'm now trying to fully understand the enormity of this. I'm a fan of keeping it simple, so we will wait and see what solution works best for us.

--Matt Ross
Ephrata School District

Brian Desmond <[email protected]>, 10/14/2014 9:00 AM:

I’d ask the question of why you need a CA for this?

Thanks,
Brian Desmond
[email protected]
w – 312.625.1438 | c – 312.731.3132

From: [email protected] [mailto:[email protected]] On Behalf Of Matthew W. Ross
Sent: Monday, October 13, 2014 5:58 PM
To: [email protected]
Subject: [NTSysADM] Windows CA Server

We have been happily getting by without doing SSL inspection on our content filter. Now, it seems that we may need to take that next step.

I'm making a Windows CA server on our VMware cluster now. Before I get too deep, any "gotchas" I should be looking for?

Looking into this, it looks like I might be diving right into the deep end. Time for a lot of reading...

--Matt Ross
Ephrata School District

