Decryption Rules

Before TMWS can apply scanning and filtering policies on encrypted content, you must configure HTTPS decryption rules to decrypt the content.

  1. Go to Policies > HTTPS Inspection > Decryption Rules.
  2. Manage the decryption rules.

    Task

    Details

    Add/Edit a decryption rule

    Click Add or select an existing decryption rule under Rule Name, and then specify the settings on the screen that appears. For details, see Configuring A Decryption Rule.

    Delete a decryption rule

    Select one or several decryption rules to delete and then click Delete. Do this if you no longer need a decryption rule, instead of disabling it.

    Duplicate a decryption rule

    This feature is a convenient way of adding a new decryption rule with settings similar to an existing rule.

    Select a decryption rule and click Duplicate. Under Rule Name, click the duplicated rule and then specify settings on the new screen that appears.

    Note:

    You can duplicate only one decryption rule at a time.

    Sort the rule information

    Sort the information in ascending or descending order in either of the following ways:

    • Click the title area of a column.

    • Click the up or down arrow at the right of the title area of a column.

    View data in table columns

    • Rule Name: Name of a decryption rule.

      Note:
      • before the rule name indicates that the decryption rule is enabled.

      • before the rule name indicates that the decryption rule is disabled.

    • Gateways: Gateways that a decryption rule applies to.

    • URL Categories: URL categories, including customer-defined URL categories, that a decryption rule applies to.

      • : Whether any Trend Micro predefined URL category is selected.

      • : Whether any customer-defined URL category is selected.

    • Certificate for Cloud / Certificate for On-Premises: Cross-signed certificate or default TMWS root CA certificate that is sent to client browsers to complete a secure session for HTTPS connections.

    Prioritize decryption rules

    After creating more than one decryption rule, you can prioritize them to determine which decryption rules take precedence when applied.

    Use either of the following ways:

    • Select a decryption rule and then click Move to move it up or down to a specific position or to the top or bottom as necessary.

    • Hold the part in the front of a decryption rule, and then use drag-and-drop to move it to a specific position as necessary.

    Note:

    The default decryption rule always has the lowest priority, and the Move action does not apply.

    Enable/Disable a decryption rule

    Use either of the following ways:

    • Select one or several decryption rules to enable or disable, and then click More > Enable or Disable.

    • Click or before a decryption rule to enable or disable it as necessary.

    Note:

    The default decryption rule is always enabled and cannot be disabled.

    Search for a decryption rule

    Type a keyword or part of the keyword related to either column in the table in the Search text box.

    Note:

    If there are many entries in the table, type some characters in the Search text box to narrow down the entries. As you type, the entries that match the characters you typed are displayed immediately. TMWS searches all cells in the table for matches.