Skip to main content
Skyhigh Security

Configure HTTPS Scanning

You can configure HTTPS scanning to adapt this process to the needs of your network. Complete the following high-level steps.

  1. Enable the rule set for HTTPS scanning and review the rules in this rule set.
    By default, this is the HTTPS Scanning (SSL Scanner) rule set.
  2. Modify these rules as needed.
    You can, for example, do the following:
  • Replace the default root Certificate Authority (CA) for signing certificates that the appliance sends to its clients by a certificate of your own.
  • This can be a certificate authority that you create yourself on the user interface or one that you import from your file system.
  • Enable or disable whitelisting rules, for example:
    • The default rule for skipping certificate verification when a certificate that was submitted by a client is on a whitelist
    • The default for skipping content inspection when the host of a requested URL is on a whitelist
  • Edit the lists used by the whitelisting rules

A yellow triangle next to a list name means the list is initially empty and you need to fill the entries.

  • Create whitelists of your own and let them be used by the whitelisting rules
  • Modify the settings of the modules involved in HTTPS scanning.
    • SSL Scanner module
    • SSL Client Context module
    • Certificate Chain module
  1. Save your changes. 
  • Was this article helpful?