HTTPS Content Scanning

A certificate is a digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked.

The Secure Sockets Layer (SSL) certificate of a website is used to:

You can enable the Gateway to perform site certificate checking automatically, removing the burden of responsibility from end users, who may unknowingly accept bogus or invalid certificates. The administrator can define the policy for the certificate checks that are applied, which include checking the common name, expiration date, revocation status, and issuer. See HTTPS Analysis Policy Settings for more information.

The HTTPS Certificate Policy option allows specific sites to be added to a global HTTPS Certificate Policy list, with a setting that specifies whether the site should be blocked or allowed if it fails certificate checks. If a site on this list is set to allowed, the certificate for that site is not checked. See HTTPS Certificate Policy Settings for more information.

To enable or disable HTTPS content scanning:

  1. From the Policy Center Home page, click HTTPS Policy. The HTTPS Policy page appears.
  2. In the HTTPS Content Scanning section, click Click here to change these settings.
  3. Select or clear the check box next to the Enable HTTPS content scanning option to enable or disable HTTPS content scanning. If enabled, you can specify the HTTPS Analysis Policy Settings and HTTPS Certificate Policy Settings.
  4. Apply the configuration.
 

Modifying this setting will affect how the policy is applied and may require a proxy restart involving disconnection of the users from their current web session.

We recommend that you use OCSP only in addition to CRL checking because few Certificate Authorities currently provide OCSP responders.
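The certificate checks, the HTTPS Certificate Policy list and the CRL-plus-OCSP recommendation described above can be modelled as a small decision function. This is an added example, not Clearswift code: the function names, the dictionary layout of a certificate, the single-label wildcard rule, the sample data and the default of blocking an unlisted site that fails a check are all assumptions made for illustration.

```python
from datetime import datetime, timezone

def name_matches(common_name, host):
    """Common name check: exact match, or '*.' covering exactly one left-most label."""
    cn, host = common_name.lower(), host.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def certificate_failures(cert, host, now, trusted_issuers, crl_serials, ocsp_status=None):
    """Return the names of the failed checks; an empty list means the certificate passes."""
    failures = []
    if not name_matches(cert["common_name"], host):
        failures.append("common name")
    if not cert["not_before"] <= now <= cert["not_after"]:
        failures.append("expiration date")
    # CRL is the baseline; an OCSP answer (None = no responder) is used in addition.
    if cert["serial"] in crl_serials or ocsp_status == "revoked":
        failures.append("revocation status")
    if cert["issuer"] not in trusted_issuers:
        failures.append("issuer")
    return failures

def evaluate(host, cert, policy_list, default_on_failure="block", **check_args):
    """policy_list maps a site to 'allow' or 'block', the action taken if checks fail."""
    action = policy_list.get(host.lower())
    if action == "allow":
        return "allow", []  # a site listed as allowed is not checked at all
    failures = certificate_failures(cert, host, **check_args)
    if not failures:
        return "allow", []
    return action or default_on_failure, failures  # default is an assumption

# Constructed sample data (not taken from any real deployment).
NOW = datetime(2018, 6, 1, tzinfo=timezone.utc)
CHECKS = dict(now=NOW, trusted_issuers={"Example Test CA"}, crl_serials={0x1001})
GOOD = dict(common_name="*.example.test", issuer="Example Test CA", serial=0x2002,
            not_before=datetime(2018, 1, 1, tzinfo=timezone.utc),
            not_after=datetime(2019, 1, 1, tzinfo=timezone.utc))
EXPIRED = dict(GOOD, not_after=datetime(2018, 3, 1, tzinfo=timezone.utc))
POLICY = {"legacy.example.test": "allow", "partner.example.test": "block"}

if __name__ == "__main__":
    for host, cert in [("www.example.test", GOOD), ("legacy.example.test", EXPIRED),
                       ("shop.example.test", EXPIRED)]:
        print(host, evaluate(host, cert, POLICY, **CHECKS))
```

The expired certificate on the site listed as allowed passes straight through, which is why entries of that kind on the policy list should be kept few and reviewed regularly.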


© 1995–2018 Clearswift Ltd.