For TMWS to determine that a web server's signature is trusted, the root Certificate Authority (CA) certificate on which the signature is based must be added to the TMWS certificate store.
For more information about digital certificates, see About Digital Certificates.
Before managing digital certificates, ensure that Enable certificate management under Global Settings is set to On.

Procedure

  1. Go to Policies > HTTPS Inspection > Digital Certificates.
  2. Configure the CA Certificates tab:
    Note
    This tab only collects and displays root and intermediate CA certificates.
    Task
    Details
    View existing CA certificates
    1. Switch among Trusted CA Certificates, Untrusted CA Certificates, and Inactive CA Certificates in the drop-down list to see which CA certificates are trusted by, untrusted by, or unknown to TMWS.
    2. View the CA certificate information:
      • Common Name: CommonName (CN) field in the CA certificate.
      • Type: Type of the CA certificate, which is Root or Intermediate.
      • Expires at: Date and time when the CA certificate becomes invalid.
      • Status: Whether the CA certificate has expired. A status icon indicates that the certificate has expired and reminds the administrator to take action on it.
    3. Click a CommonName under Common Name to view the certificate details.
    Add a CA certificate
    Add CA certificates to the Trusted CA Certificates or Untrusted CA Certificates lists:
    1. Click Add.
    2. On the Add CA Certificate screen that appears, click choose file and select a certificate to upload.
      Note
      TMWS supports uploading CA certificates in .pem or .p7b format.
    3. Click Add.
    Note
    If TMWS encounters an unknown CA certificate, it automatically saves it in the Inactive CA Certificates list.
    TMWS saves no more than 100 inactive CA certificates in total. It checks the expiry of these certificates on a daily basis and automatically deletes the expired ones.
    Move a CA certificate
    • To move a trusted CA certificate to the Untrusted CA Certificates list, select it and click Move to Untrusted.
      This CA certificate is still kept in the TMWS certificate store, but TMWS does not trust certificates that use it in their certification path.
    • To move an untrusted CA certificate to the Trusted CA Certificates list, select it and click Move to Trusted.
      Certificates that use this CA certificate in their certification path are trusted.
    • To move an inactive CA certificate to the Trusted CA Certificates or Untrusted CA Certificates list, select it and click More > Move to Trusted or Move to Untrusted.
    Sort the CA certificate information
    Sort the information in ascending or descending order in either of the following ways:
    • Click the title area of a column.
    • Click the up or down arrow at the right of the title area of a column.
    Search for a CA certificate
    In the Search text box, type a keyword, or part of one, that appears in any column of the table.
    Note
    If there are many entries in the table, type some characters in the Search text box to narrow down the entries. As you type, the entries that match the characters you typed are displayed immediately. TMWS searches all cells in the table for matches.
  3. Configure the Certificate Exceptions tab:
    This tab collects and displays end certificates that fail the certificate validation test, and certificates for which the administrator needs to set special actions according to the organization's information security policies.
    When a user first attempts to access a website whose certificate does not pass the certificate validation test, TMWS automatically adds the certificate to the exceptions list and displays a warning page that lets the user choose whether to continue. By default, Action is set to Warn and can be changed as necessary. TMWS processes subsequent attempts to access websites that use this certificate according to the updated action.
    You can also manually add a certificate exception.
    Task
    Details
    Add/Edit a certificate exception
    View existing certificate exceptions
    The Common Name, Description, Type, and Action fields automatically populate with the related data after a certificate exception is added.
    Delete a certificate exception
    Select one or several certificate exceptions to delete and then click Delete.