Managing HTTPS Decryption Rules Parent topic

Encrypted HTTPS connections can carry the same risks as unencrypted HTTP connections. To maintain security, Deep Discovery Web Inspector can decrypt and scan selected HTTPS traffic for potential risks and threats. Before Deep Discovery Web Inspector can apply scanning and filtering policies on encrypted content, you must configure HTTPS decryption rules that define what to decrypt.
Go to PolicyDecryption Rules to perform any of the following tasks to manage HTTPS decryption rules.
Note
Note
The default HTTPS decryption rule is predefined and is always the last one in the list.

Procedure

  • View summary information about existing HTTPS decryption rules.
  • Click Add to create a new rule.
  • Click a rule's name to view or modify settings, including enabling or disabling the rule.
  • Click a rule's name to import a certificate or reset the rule to use the default certificate.
    On first installation, Deep Discovery Web Inspector creates a self-signed certificate that will be used to resign decrypted HTTPS traffic. In doing so, Deep Discovery Web Inspector also acts as its own CA. Users who wish to adopt their own organizations' CA can import a certificate signed by that CA to Deep Discovery Web Inspector.
  • For a selected decryption rule, click on the Drag and Drop icon (drag_and_drop_icon.png) and drag it to the position to which you want to move that rule.
    Note
    Note
    You cannot drag a rule to a position below the default rule.
  • Select a rule and then click Move Up, Move Down, or Move Top to change the rule order and to prioritize rules as needed.
  • Select a rule and then click Duplicate to copy the selected rule.
  • Select one or more rules and then click Remove to remove the rules.
  • Generate a CSR to request a certificate from the Certificate Authority. You can import this certificate into an HTTPS decryption rule.
Related information