SOTI Surf security warning

SOTI Surf security warning

We're testing SOTI Surf in combination with SOTI lockdown (kiosk/single app) on a device running Android 4.4.4 (soon on Android 7).

Only one URL is white-listed and set as home page. The website is opened, but then SOTI Surf prompts a security warning:

There’s a problem with this website’s security certificate. Proceed anyway?

After pressing 'OK', the webpage is shown. SOTI Surf is configured, but I'm unable to locate the security settings which could disable this message. Under SOTI Surf Privacy Settings I was unable to find a suitable option.

6 Answers

Order By:   Standard | Newest | Votes
Raymond Chan | posted this 05 July 2018

As far as I know, there is no such option at the moment.  You might have to file a feature request to SOTI to add it to their future SURF.

 

In the meantime,  there may be a quick solution under your control.  If the target server is your company's own site (web-/app-server) and is using a self-signed SSL certificate rather than a paid SSL certificate from reputable CA, then one possible solution may be to install the self-signed CA root certificate which was used to generate the self-signed SSL certificate of the site to the trust store on your device via the certificate payload of a MobiControl profile.  After that,  the SURF secure browser (or any browser on the device) will consider your target web server safe and no warning message will be shown.

 

  • 0
  • 0
Majid | posted this 06 July 2018

Thanks for the suggestion. Unfortunately it's not a self-signed SSL certificate. I've sent a feature request to SOTI.

  • 0
  • 0
Bhav | posted this 03 October 2019

Hi,

Know this is a bit of an old thread, but was this issue resolved?

 

If yes, HELP! please. I am still getting this exact message via Android 8, Surf v14.4.3.3

If no, bugger me sideways...

 

Thanks in advance

  • 0
  • 0
Raymond Chan | posted this 04 October 2019

Do you have such problem for every site that Soti-Surf browse to?   What are the CA for the SSL certificates from the problematic target sites?  

 

  • 0
  • 0
Bhav | posted this 04 October 2019
We are using the MobiControl Root CA, because IIS is serving both SOTI and our website.
The security warning still comes up in Soti Surf even after installing the certificate on the device. This seems to be an issue for any self-signed certificate
  • 0
  • 0
Raymond Chan | posted this 04 October 2019

The issue is with the root certificate of the SSL certificate associated with the URL target that the browser access, not the MobiControl self-signed root certificate, which is typically parent to the certificate of  MobiControl server and various other services other than web-console and deployment server extension.

 

If the CA is not a reputable one, the paid SSL certificate that it sell will not be acceptable to safe security browsers from reputable vendors.

 

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback