Server Certificates

Manage the server certificates of HTTPS web servers.

  1. Go to Zero Trust Secure Access > Secure Access Configuration > Internet Access Configuration.

    The Internet Access Configuration screen appears.

  2. Select TLS/SSL Certificates from the HTTPS Inspection drop-down list.
  3. Select Server certificate from the Certificate type drop-down list in the upper left to view and manage the server certificates added automatically by the system or manually by administrators.

    The list includes the following server certificates:

    • The server certificates that fail in certificate validation.

      The system automatically adds them to the list and sets the default action to Warn. When users attempt to access a website using this server certificate, a warning page displays for them to choose whether to continue.

    • The server certificates that you want to configure specific actions for.

  4. You can complete the actions outlined in the following table.

    Action

    Description

    Check a server certificate

    View the server certificate information:

    • Common name: The CommonName (CN) field in the certificate

    • Type: Whether the certificate is automatically added by the system or manually added by the administrator

    • Description: The description of the certificate

    • Certificate error: The errors discovered in certificate validation

    • Action: The action to take upon access to the websites using the certificate in the certificate chain

      • Allow: The system decrypts the HTTPS traffic towards the websites based on inspection rules for further access control.

      • Warn: The system displays a warning page for users to choose whether to continue.

        If users choose to continue, the system decrypts the HTTPS traffic towards the websites based on inspection rules for further access control.

      • Block: The system blocks access to the websites.

    Add a server certificate

    1. Click Add.

    2. Specify the following:

      • Common name: The CommonName (CN) field in the certificate.

        Note:

        A common name can identify one or multiple server certificates using this name.

        If you add a common name that is already in the list, the latest settings override the existing settings.

      • Type: Administrator added. This field is not editable.

      • Description: A description to easily identify the certificate entry

      • Action: The action to take upon access to the websites using the certificate in the certificate chain

    3. Click Save.

    Configure a server certificate

    Select one or multiple certificates and click Delete in the upper left to delete the certificates from Trend Micro Vision One.

    Filter server certificates

    Use the search text box and the following drop-down lists to filter certificates:

    • Type: Whether the certificate is automatically added by the system or manually added by the administrator

    • Action: The action to take upon access to the websites using the certificate in the certificate chain