To use the SSL protocol to establish an HTTPS connection, a web server needs to install an SSL certificate. Certificates are supplied by a Certificate Authority (CA) and help determine that a website is trustworthy, sensitive information (such as credit card numbers) is encrypted, and data transmitted cannot be tampered with and forged.
When a client initiates an SSL session by typing a URL that starts with https:// instead of http://, an SSL handshake is performed to verify identification (such as certificate exchange and validation) and process encryption methods required for the session. TMWS acts as an intermediary between a client and a secure web server to validate server certificates. The following describes a simplified SSL handshake process:
The client's web browser sends a connection request and its encryption data to the web server. TMWS forwards the request to the web server.
The web server returns its SSL information (including the server certificate). TMWS checks the server certificate.
If the server certificate passes validation tests, the HTTPS connection is allowed between the web server and the client. TMWS applies HTTPS decryption rules to scan encrypted content.
If the web server requests a client certificate, TMWS either blocks or tunnels the encrypted traffic.