SSL Interception Filtering

The 'SSL interception' functionality provided by Smoothwall gives us the ability to intercept and filter inappropriate web traffic and search results. In order to perform SSL interception, Learning Academies Trust needs to decrypt, analyse, and then re-encrypt all traffic using a security certificate issued from our Smoothwall appliance. This certificate will ensure that you and other users remain protected from inappropriate content when accessing our internet.

In an environment with direct access to the internet, web traffic is encrypted by the server and then transfered directly to the user for decryption (as shown in the diagram below). An SSL certificate is used to establish a secure connection between the source (server) and destination (you) to ensure nobody can view your browsing or personal information.

To protect our users and to remain compliant with the filtering and monitoring requirements within the Keeping Children Safe in Education documentation, we route all internet connectivity through our Smoothwall appliances. Internet traffic is then decrypted, analysed and re-encrypted, during which any inappropriate content is blocked from reaching your device and logged on our reporting systems.

To analyse the web content you are accessing, we intercept the encryption between the server and your device (as shown in the diagram below). Your computer will then display an error message alerting you to an 'insecure' connection. This is because our Smoothwall appliance re-encrypts the data with a new certificate that your computer does not trust.

If you wish to use the internet on a personal device at one of our schools, you will need to manually install the certificate to our Root Certificate Authority. This will enable your device to trust our Smoothwall appliances and provide access to your re-encrypted information. If you are using a school issued device, the certificate will be installed automatically.

To protect our users and the security of their devices, the Root Certificate is only valid for a period of one years. After the certificate has expired you will need to install the new root certificate to continue receiving internet access.

Please note we exclude all online banking requests from HTTPS interception. Therefore the certificate you receive will be directly issued from the banking website. If this page shows as insecure (check for the padlock icon on your browser), we would advise not to proceed or enter any personal information.

For more assistance in accessing our internet, please use the buttons below to find out if you have the certificate installed already and the instructions on installing the certificate if you need to.

Check if certificate is installed Instructions to install certificate

Your internet will be intercepted and filtered by Aletheia Academies Trust via an appliance at each site, with reporting information being synced to our central reporting appliance located at Meadow Road, Gravesend, Kent, DA11 7LS. We collect personal data for the purposes of safeguarding, enhancing information security, acceptable use enforcement and enforcing the restriction of access to unauthorised material. This information may be processed by Smoothwall Limited for which you can view their privacy policy. Aletheia Academies Trust adhere to strict data protection policies to ensure that your data remains safe and secure.

If you have any queries, please contact our technical support team via it@aletheiatrust.org.uk or call 01474 531493.