Configure HTTPS Scanning
You can configure HTTPS scanning to adapt this process to the needs of your network. Complete the following high-level steps.
- Enable the rule set for HTTPS scanning and review the rules in this rule set.
  By default, this is the HTTPS Scanning (SSL Scanner) rule set.
- Modify these rules as needed.
  You can, for example, do the following:
  - Replace the default root Certificate Authority (CA) for signing certificates that the appliance sends to its clients with one of your own.
    This can be a certificate authority that you create yourself on the user interface or one that you import from your file system.
  - Enable or disable whitelisting rules, for example:
    - The default rule for skipping certificate verification when a certificate that was submitted by a client is on a whitelist
    - The default rule for skipping content inspection when the host of a requested URL is on a whitelist
  - Edit the lists used by the whitelisting rules.
    A yellow triangle next to a list name means the list is initially empty and you need to fill in its entries.
  - Create whitelists of your own and let them be used by the whitelisting rules.
- Modify the settings of the modules involved in HTTPS scanning:
  - SSL Scanner module
  - SSL Client Context module
  - Certificate Chain module
- Save your changes.