HTTPS/SSL inspection:


SSL (Secure Sockets Layer) is the industry standard for transmitting secure data over the Internet. It is based on a system of trusted certificates issued by certificate authorities and recognized by servers.

 
When you enable HTTPS inspection for the Web Security users, SSL-encrypted traffic is decrypted, inspected, and then re-encrypted before it is sent to its destination. The HTTPS/SSL scanning enables the cloud proxy to scan for malware e.g. viruses that is served over SSL, enforce Data Protection (DLP) rules over SSL and ensuring a notification page (block page) delivery to the end-users in case of an unauthorized access attempt.

To properly implement HTTPS inspection for your end-users, an iSheriff Root Certificate must be installed on each client machine which acts as a Certificate Authority for SSL requests to the iSheriff Cloud Proxy. The iSheriff Root CA is installed  locally in two computer repositories:

- Main System Storage for Microsoft Internet Explorer (IE) and Google Chrome.

- Firefox Storage for Mozilla Firefox.



 

Installing SSL Certificate (automatically):

When “Automatically install Certification Authority” switch is set under any web filter policy, the iSheriff Endpoint will automatically download and install the iSheriff Root CA.


The Automatically install Certificate Authority switch is configured in the cloud console by editing a policy and navigating to the Endpoint à Custom à Customization tab as in the following:


 

note.jpg

Note

The iSheriff Root CA can also be installed manually for testing purpose.



Enable HTTPS Inspection:


1. Edit any policy and navigate to the Data Protection > HTTPS inspection tab, turn on Inspect HTTP traffic.

2. Configure the policy as desired and Click Save.

 

note.jpg

Note

It is recommended to install SSL certificate before enabling HTTPS inspection.