HTTPS Inspection Rules

Define rules that decrypt HTTPS traffic for selected URL categories so that the configured secure access rules apply to it in the same way as to HTTP traffic.

Action

Description

Add an HTTPS inspection rule

For more information, see Adding an HTTPS Inspection Rule.

Check an HTTPS inspection rule

  • View the basic information about an HTTPS inspection rule.

    Note:

    Trend Micro Vision One automatically creates a default rule to decrypt all HTTPS traffic initiated from any location. When enabled, the default rule applies whenever no other HTTPS inspection rules are matched. The default rule always has the lowest priority and cannot be deleted.

Configure an HTTPS inspection rule

  • To change the basic information about an HTTPS inspection rule, click in the Action column.

  • To duplicate an HTTPS inspection rule, click in the Action column. This provides a convenient way of adding a new inspection rule with settings similar to an existing rule.

  • To delete an HTTPS inspection rule from Trend Micro Vision One, click in the Action column.

    To delete more than one HTTPS inspection rule, select the rules and click Delete in the upper left.

Configure a default CA certificate for the Internet Access Cloud or On-Premises Gateway to decrypt HTTPS traffic

  1. Click the Settings gear icon in the upper right.

  2. Determine and configure the default CA certificate that automatically applies to HTTPS inspection rules.

    • Built-in CA certificate provided by Internet Access: Download the certificate from the console and deploy it to the browsers of your users.

      Note:
      • The built-in CA certificate is not signed by a trusted CA on the internet. To avoid certificate warnings on browsers when users access HTTPS websites, make sure that you deploy the built-in CA certificate to the supported browsers.

      • Internet Access provides different built-in certificates for the cloud gateway and on-premises gateways.

    • Your own CA certificate: Cross-sign your organization's CA certificate and upload the cross-signed certificate to the console.

    To reset the default certificate, click Reset to Built-in Certificate.

  3. Click Save.

You can choose to use another CA certificate when configuring an HTTPS inspection rule.
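
Before deploying a downloaded CA certificate to browsers, it is worth confirming that the file really is a CA certificate, recording its fingerprint, and checking that certificates presented on inspected connections chain to it. The script below is an added example using the openssl command line, not code from the product; the file names, the stand-in gateway CA and the sample subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. File names and sample subjects are constructed.

# Succeeds if the PEM certificate in $1 carries basicConstraints CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Prints the SHA-256 fingerprint of $1, to compare against your change record.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if certificate $2 verifies against CA $1 (it was issued by that CA).
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Builds constructed sample data in directory $1: a stand-in gateway CA (ca.pem),
# a certificate it issued (leaf.pem) and an unrelated self-signed one (origin.pem).
make_demo_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Inspection CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -subj "/CN=origin.example.test" -keyout "$d/origin.key" -out "$d/origin.pem" 2>/dev/null
}

# Usage: sh check_ca.sh gateway-ca.pem [presented-cert.pem]
if [ "$#" -ge 1 ]; then
    is_ca_cert "$1" && echo "CA certificate, SHA-256 $(cert_fingerprint "$1")"
    [ "$#" -lt 2 ] || { issued_by "$1" "$2" && echo "issued by this CA"; }
fi
```

A certificate saved from a browser session that fails `issued_by` against the deployed CA was not re-signed by that CA, which is what you would expect for traffic that no inspection rule decrypted.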

Pass HTTPS requests to web servers when decryption fails

Select whether to allow your users to access HTTPS content when the Internet Access Gateway fails to decrypt HTTPS traffic for some reason.

  1. Click the Settings gear icon in the upper right.

  2. On the Bypass Mode tab, click the toggle under Pass HTTPS requests to web servers when decryption fails to enable this feature.

  3. Click Save.