Skip to content

Enabling the HTTPS Decryption and Inspection

After you have generated or imported the Root CA certificate and private key and marked it as Trusted Root CA in the certificate store of the operating system there is one more step that needs to be done.

Enable Decryption in Policy

Web Filtering Proxy enables HTTPS decryption and inspection per filtering policy. This allows for more flexible decryption settings and greatly simplifies filtering management per user or group in large organizations.

To enable the decryption, open Admin UI, select your policy and click Configure Settings menu item on the right.

Policy Settings

Select the Decryption tab and switch Decryption Mode combobox to Decrypt Always.

Policy Decryption

As the application is designed to decrypt and inspect HTTPS connections in the first place, it would also be wise to decrypt failed connections (for example - connections to non existing domain names). This will let the user see what went wrong when a connection is failed and also let the administrator see what connections were not filtered because of delays in web proxy initialization.

Finally it is also possible to automatically bypass HTTPS decryption on privacy sensitive sites, like government, financial and health and personal well being domains.

Verify HTTPS Decryption Works

After HTTPS decryption was enabled and browser set to trust the Root CA certificate of the proxy browsing shall work normally and clicking on the certificate lock in the browser shall show the notification message. Note that you need to see the name of your Root CA.

For example, this screenshot presents the decrypted and inspected HTTPS page in Mozilla Firefox.

Trusted Root CA in Mozilla Firefox

This screenshot presents the decrypted and inspected HTTPS page in Microsoft Edge (network tools tab is open).

Trusted Root CA in Microsoft Edge

The Web Filtering Proxy is now fully configured to inspect the decrypted traffic and perform web filtering.