Support for Custom Trusted Certificate
We previously used a self-signed certificate issued by Skyhigh to display block messages generated by the proxy for any site on the SSL Bypass List. We will now use a certificate from an HTTPS Connection feature configuration set up by the customer for our block messages.
For example, users accessing the Zoom application via the web encountered certificate errors because Zoom didn't recognize Skyhigh-signed certificates.
Normally, you have to select an HTTPS Connection feature configuration (Customer_CA in this case) to be used for SSL decryption.
If the site is on the bypass list with no explicit HTTPS Connection feature configuration applied, and a block or error message needs to be displayed by the proxy, such as when a connection to the site has failed, the proxy automatically selects an HTTPS Connection feature configuration on its own:
- If a predefined Customer CA HTTPS Connection feature configuration exists, its root CA is enforced.
- Otherwise, the root CA from the first available HTTPS Connection feature configuration is enforced.
- If no HTTPS Connection feature configuration exists, the Skyhigh-issued self-signed certificate will be enforced, as before.