Decryption of HTTPS Traffic

Web Filtering Proxy can decrypt and inspect HTTPS connections, provided the browsers trust the proxy.

Decrypting Flow

The following describes what happens when a user navigates to a web page whose HTTPS traffic is to be decrypted and inspected.

  • User types a domain name in the browser address bar.
  • Browser sends the request to the proxy server, asking it to establish a secure CONNECT tunnel to the remote origin server.
  • Proxy establishes a secure HTTPS connection to the remote server and retrieves the server certificate.
  • Proxy generates a new certificate for the remote server, imitating all properties of the original certificate, and signs this imitated certificate using its own Root CA certificate.
  • Proxy sends that imitated certificate to the browser along with the message that the connection is successfully established.
  • Browser accepts the imitated certificate, validates it and (because the browser trusts the proxy) sends the request through the connection to the proxy.
  • Proxy receives the request, filters it and passes it to the origin server.
  • When the origin server replies with a response, proxy filters that response and forwards it to the browser.

Looking at this flow of events, we see that at least two things must be configured for HTTPS inspection to succeed.

  1. Proxy needs to be configured with a certificate that can act as trusted Root CA.
  2. Browser needs to be set to trust that Root CA.
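
The certificate step of this flow and the two requirements above can be reproduced offline with the openssl command line. This is an added example, not the product's own code: the host name www.example.test, the CA name and all keys are constructed, the origin certificate is a self-signed stand-in, and only the subject and subjectAltName are copied rather than every property.

```shell
#!/bin/sh
# Added example. Names, keys and certificates are constructed lab values.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT

# Own minimal config, so nothing depends on the system openssl.cnf.
cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[origin_ext]
subjectAltName = DNS:www.example.test,DNS:example.test
EOF

# newcert SUBJECT NAME SECTION: self-signed certificate and key in $d/NAME.*
newcert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 7 -config "$d/lab.cnf" \
        -subj "$1" -extensions "$3" -keyout "$d/$2.key" -out "$d/$2.crt" 2>/dev/null
}

# imitate CERT: copy subject and SAN of CERT onto a fresh key, sign with the proxy CA
imitate() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt compat |
           sed 's/^subject= *//; s|^/*|/|')
    san=$(openssl x509 -in "$1" -noout -ext subjectAltName | sed -n '2s/^ *//p')
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=%s\n' "$san" > "$d/leaf.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$d/lab.cnf" -subj "$subj" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 7 -extfile "$d/leaf.ext" -out "$d/leaf.crt" 2>/dev/null
}

# field CERT OPTION...: print certificate properties with whitespace removed
field() { c=$1; shift; openssl x509 -in "$c" -noout -nameopt RFC2253 "$@" | tr -d ' \n'; }

# accepts CERT [CA]: verify CERT against CA, or against the system store if CA is omitted
accepts() { openssl verify ${2:+-CAfile "$2"} "$1" >/dev/null 2>&1; }

newcert "/CN=Example Proxy Root CA" ca ca_ext      # the proxy's Root CA
newcert "/CN=www.example.test" origin origin_ext   # stand-in for the origin's certificate
imitate "$d/origin.crt"
openssl x509 -in "$d/leaf.crt" -noout -subject -issuer -ext subjectAltName
accepts "$d/leaf.crt" && echo "without proxy CA: accepted" || echo "without proxy CA: rejected"
accepts "$d/leaf.crt" "$d/ca.crt" && echo "with proxy CA trusted: accepted"
```

The imitated certificate matches the original in subject and SAN but differs in issuer and public key, which is what an issuer check or certificate pinning on the client side would notice.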

The following pages will go into more details on these two subjects.