Enabling the HTTPS Decryption and Inspection
After you have generated or imported the Root CA certificate and private key and marked it as Trusted Root CA in the certificate store of the operating system there is one more step that needs to be done.
Enable Decryption in Policy
Web Filtering Proxy enables HTTPS decryption and inspection per filtering policy. This allows for more flexible decryption settings and greatly simplifies user group membership in the organization.
To enable the decryption, open Admin UI, select your policy and click Configure Settings menu item on the right.
Select the Decryption tab and switch Decryption Mode combobox to Decrypt Always.
As the application is designed to decrypt and inspect HTTPS connections in the first place, it would also be wise to decrypt failed connections (for example - connections to non existing domain names). This will let the user see what went wrong when a connection is failed and also let the administrator see what connections were not filtered because of delays in web proxy initialization.
Finally it is also possible to automatically bypass HTTPS decryption on privacy sensitive sites, like government, financial and health and personal well being domains.
Verify HTTPS Decryption Works
After HTTPS decryption was enabled and browser set to trust the Root CA certificate of the proxy browsing shall work normally and clicking on the certificate lock in the browser shall show the notification message. Note that you need to see the name of your Root CA.
For example, this screenshot presents the decrypted and inspected HTTPS page in Mozilla Firefox.
This screenshot presents the decrypted and inspected HTTPS page in Microsoft Edge (network tools tab is open).
The Web Filtering Proxy is now fully configured to inspect the decrypted traffic and perform web filtering.