Home Troubleshooting HTTPS Sites Not Being Filtered

HTTPS Sites Not Being Filtered

Last updated on Apr 17, 2026

HTTPS Sites Not Being Filtered

If HTTPS websites are loading without filtering (no blocks, no logging), the issue is typically related to the SSL/HTTPS inspection certificate. KyberGate uses SSL inspection to analyze encrypted traffic, which requires a trusted root certificate on each device.

Before You Begin

  • Confirm the issue affects HTTPS sites specifically (HTTP sites may still be filtered)
  • Have access to the affected device or your MDM console
  • Know your MDM platform and how to deploy certificates

Understanding the Problem

KyberGate filters web traffic by inspecting it through a cloud proxy. For HTTPS sites, the proxy must decrypt and re-encrypt traffic using a root certificate installed on the device. Without this certificate:

  • HTTPS sites may bypass filtering entirely
  • The device may show certificate warnings
  • Activity from HTTPS sites won't appear in logs

Troubleshooting Steps

Step 1: Check Certificate Installation

  1. On the affected device, visit https://proxy.kybergate.com/health
  2. If the page loads without warnings: The certificate is properly installed — skip to Step 3
  3. If you see a certificate error: The KyberGate root cert needs to be installed or trusted

Step 2: Install/Trust the Certificate

For iPads (via MDM):

  1. In your MDM, create a Certificate configuration profile
  2. Upload the KyberGate root certificate (download from Settings → Network → Download Certificate in your dashboard)
  3. Deploy the profile to your devices
  4. The certificate is automatically trusted when deployed via MDM

For Chromebooks:

  1. In Google Admin Console, go to Devices → Chrome → Settings → Certificates
  2. Upload the KyberGate root certificate
  3. Check Use this certificate as an HTTPS certificate authority
  4. Apply to the appropriate OUs

For Windows:

  1. The KyberGate Windows agent installs the certificate automatically
  2. If missing, run the agent installer again or manually import the cert to Trusted Root Certification Authorities

For macOS:

  1. The KyberGate macOS agent installs the certificate automatically
  2. If missing, download the cert and add it to Keychain Access → System → Certificates, then set trust to Always Trust

Step 3: Verify Proxy Is Active

  1. Check that the PAC file is properly configured (see Network and Proxy Settings guide)
  2. Visit a site that should be blocked — you should see the KyberGate block page
  3. If the site loads normally, the proxy configuration may be missing or overridden

Step 4: Check for Conflicts

  • VPN apps can bypass the proxy — check if any VPN is active on the device
  • Other proxy settings may conflict — ensure no manual proxy is configured alongside the PAC file
  • Network-level SSL inspection on your school firewall may interfere — add *.kybergate.com to your firewall's SSL bypass list

Tips

  • Always deploy certificates through MDM for automatic trust — manual installation requires additional trust steps on most platforms
  • After deploying a new certificate, have users close and reopen their browser
  • Use the Network Health Score in your dashboard to monitor SSL inspection status across your fleet

Related Articles