HTTPS Inspection Rules

Define rules to decrypt HTTPS traffic from selected URL categories to apply configured secure access rules in the same way as HTTP traffic.

Action

Description

Add an HTTPS inspection rule

For more information, see Adding an HTTPS Inspection Rule.

Check an HTTPS inspection rule

View the basic information about an HTTPS inspection rule.

Configure an HTTPS inspection rule

Click in the Action column to change the basic information about an HTTPS inspection rule.

Click in the Action column to duplicate an HTTPS inspection rule. This provides a convenient way of adding a new inspection rule with settings similar to an existing rule.

Click in the Action column to delete an HTTPS inspection rule from Trend Micro Vision One.

To delete more than one HTTPS inspection rule, select the rules and click Delete in the upper left.

Configure default settings

Add a default CA certificate for the cloud Internet Access Gateway to decrypt HTTPS traffic

By default, Trend Micro acts as a private Certificate Authority (CA) and uses a default root CA certificate for the internet access service that is sent to client browsers to complete a secure session for HTTPS connection. However, because the default CA certificate is not signed by a trusted CA on the internet, the client browsers will display a certificate warning each time users access an HTTPS website. Although users can safely ignore the certificate warning, Trend Micro recommends using a cross-signed CA certificate if you have your own certificate.

  1. Cross-sign your organization's CA certificate.

    For more information about cross-signing a CA certificate, see Cross-Signing a CA Certificate for Cloud Gateway Use.

  2. Click the Default Settings gear icon in the upper right of the HTTPS Inspection Rules screen.

  3. Click Select File... to upload the cross-signed certificate to Trend Micro Vision One as the default CA certificate.

    To reset the built-in certificate as the default certificate, click Reset to Built-in Certificate.

  4. Click Save.

Pass HTTPS requests to web servers when decryption fails

Select whether to allow your users to access HTTPS content when the Internet Access Gateway fails to decrypt HTTPS traffic for some reason.

  1. Click the Default Settings gear icon in the upper right.

  2. Click the toggle under Pass HTTPS requests to web servers when decryption fails to enable this feature.

  3. Click Save.