Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure HTTPS Scanning

You can configure the HTTPS scanning process on Secure Web Gateway to make it suit your requirements. Complete these high-level steps:

  1. Select Policy > Rule Sets, then navigate to the rule set for HTTPS scanning.

    After the initial setup, this is the HTTPS Scanning rule set. It is not enabled by default.

  2. Review the rules in this rule set and modify them as needed.

    For example, you can:

  • Replace the default root Certificate Authority (CA) for signing certificates that the appliance sends to its clients by a certificate of your own.

    This can be a certificate authority that you create yourself on the user interface or one that you import from your file system.

  • Enable or disable rules for skipping the HTTPS scanning process, for example:

    • The rule for skipping certificate verification when a certificate that was submitted by a client is on an allow list
       
    • The rule for skipping content inspection when the host of a requested URL is on an allow list
  • Edit the allow lists.
     
    A yellow triangle next to a list name means the list is initially empty and you need to fill the entries.

  • Create allow lists of your own to be used by the rules for skipping HTTPS scanning.

  • Modify the settings of the modules for HTTPS scanning:

    • SSL Scanner settings

    • SSL Client Context settings

    • Certificate Chain settings
  1. Save your changes. 
  • Was this article helpful?