HTTPS Content Scanning

 

 

Certificate: A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked.

The Secure Sockets Layer (SSL) certificate of a website is used to:

You can enable Secure Web Gateway to automatically perform site certificate checking, removing the burden of responsibility from end users, who may unknowingly accept bogus or invalid certificates. The administrator can define the policy for the certificate checks applied, which include checks on the common name, expiration date, revocation status, and the issuer. See Certificate Verification for more information.

The HTTPS Certificate Policy option allows specific sites to be added to a global HTTPS Certificate Policy list, with a setting that specifies whether the site should be blocked or allowed if it fails certificate checks. If a site on this list is set to allowed, the certificate for that site is not checked. See HTTPS Policy page settings for more information.
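The following sketch is an added example, not Secure Web Gateway code. It shows how the four checks named above (common name, expiration date, revocation status, issuer) combine with a per-site allow entry. The `CertPolicy` model, the function names, the sample certificate, and the rule that any failed check blocks an unlisted site are all assumptions made for illustration. Revocation is modelled as a set of serial numbers standing in for a CRL.

```python
import ssl
from dataclasses import dataclass, field

@dataclass
class CertPolicy:                       # hypothetical model, not the product's schema
    trusted_issuers: frozenset = frozenset()
    revoked_serials: frozenset = frozenset()            # stands in for a fetched CRL
    site_list: dict = field(default_factory=dict)       # host -> "allow" | "block"

def _cn(name):                          # commonName values from a getpeercert() name
    return [v for rdn in name for k, v in rdn if k == "commonName"]

def _matches(host, pattern):
    h, p = host.lower().split("."), pattern.lower().split(".")
    if p[0] == "*":                     # wildcard covers exactly one left-most label
        return len(h) == len(p) and h[1:] == p[1:]
    return h == p

def failed_checks(host, cert, policy, now):
    """Return the names of the certificate checks that fail for this host."""
    failures = []
    names = _cn(cert["subject"]) + [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_matches(host, n) for n in names):
        failures.append("common_name")
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"])):
        failures.append("expiration")
    if cert["serialNumber"].upper() in policy.revoked_serials:
        failures.append("revocation")
    # Simplified issuer check; a real gateway validates the signature chain to a trusted CA.
    if not set(_cn(cert["issuer"])) & policy.trusted_issuers:
        failures.append("issuer")
    return failures

def decide(host, cert, policy, now):
    if policy.site_list.get(host.lower()) == "allow":
        return "allow", []              # listed as allowed: certificate is not checked
    failures = failed_checks(host, cert, policy, now)
    return ("block" if failures else "allow"), failures

# Constructed sample data in the dict shape returned by ssl.SSLSocket.getpeercert().
CERT = {"subject": ((("commonName", "*.example.test"),),),
        "issuer": ((("commonName", "Example Test CA"),),),
        "notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Jan  1 00:00:00 2025 GMT",
        "serialNumber": "0A1B2C"}
POLICY = CertPolicy(frozenset({"Example Test CA"}), frozenset({"0A1B2C"}),
                    {"legacy.example.test": "allow"})
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")

if __name__ == "__main__":
    for site in ("www.example.test", "legacy.example.test", "a.b.example.test"):
        print(site, decide(site, CERT, POLICY, NOW))
```

The allow entry for `legacy.example.test` lets the revoked sample certificate through unchecked, which is why entries on such a list deserve periodic review.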

To enable or disable HTTPS content scanning

  1. Navigate to Policy > HTTPS Policy. The HTTPS Policy page is displayed.
  2. In the HTTPS Content Scanning is Enabled or the HTTPS Content Scanning is Disabled panel, click Click here to change these settings.
  3. Select or clear the Enable HTTPS content scanning check box. If enabled, you can specify the Certificate Verification and HTTPS Certificate Policy settings.
  4. Apply the configuration.
 

Modifying this setting affects how the policy is applied and may require a proxy restart, which disconnects users from their current web sessions.

We recommend that you use OCSP only in addition to CRL checking because few Certificate Authorities currently provide OCSP responders.
