Configure HTTPS Scanning
You can configure the HTTPS scanning process on Secure Web Gateway to make it suit your requirements. Complete these high-level steps:
- Select Policy > Rule Sets, then navigate to the rule set for HTTPS scanning.
  After the initial setup, this is the HTTPS Scanning rule set. It is not enabled by default.
- Review the rules in this rule set and modify them as needed.
  For example, you can:
  - Replace the default root Certificate Authority (CA), which signs the certificates that the appliance sends to its clients, with one of your own.
    This can be a certificate authority that you create yourself on the user interface or one that you import from your file system.
  - Enable or disable rules for skipping the HTTPS scanning process, for example:
    - The rule for skipping certificate verification when a certificate that was submitted by a client is on an allow list
    - The rule for skipping content inspection when the host of a requested URL is on an allow list
  - Edit the allow lists.
    A yellow triangle next to a list name means the list is initially empty and you need to add entries.
  - Create allow lists of your own to be used by the rules for skipping HTTPS scanning.
  - Modify the settings of the modules for HTTPS scanning:
    - SSL Scanner settings
    - SSL Client Context settings
    - Certificate Chain settings
- Save your changes.