If the Rocket is not configured as a Proxy Server, when a user accesses a secure HTTPS site, only the domain name (subject) in the SSL certificate will be visible to the Web Filter. Block or allow decisions can only be made for the entire domain, rather than for URLs and URL patterns within the domain.
When the Proxy Server is enabled with SSL Decryption, all HTTPS (encrypted) requests can be examined via a trusted Man-In-The-Middle proxy. When a user requests a secure website, such as a banking site, the encrypted request will be sent to the proxy server. The proxy server will then decrypt it in order to read the full URL.
Note: A few steps are required to enable HTTPS decryption once you’ve installed the proxy certificate:
- Decrypt SSL Traffic must be selected (checked) on the Proxy Server page.
- The client must be configured to use the Rocket as an SSL proxy (either explicitly or through WCCP).
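The difference between domain-only and full-URL filtering described above can be sketched as follows. This is an added example, not Rocket code: the rule format, the function names and the example.com hosts are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Hypothetical rule format (not the Rocket's own syntax): (action, pattern).
# A pattern containing "/" is URL-scoped; otherwise it covers a whole domain.
RULES = [
    ("block", "video.example.com"),
    ("block", "www.example.com/games/*"),
    ("allow", "www.example.com"),
]

def visible_target(url, decrypted):
    """Return the part of a request the filter can inspect."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and not decrypted:
        return host  # only the domain name from the certificate is visible
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return host + path

def decide(url, decrypted, rules=RULES, default="allow"):
    """First matching rule wins; URL-scoped rules need a visible path."""
    target = visible_target(url, decrypted)
    host = target.split("/", 1)[0]
    for action, pattern in rules:
        if "/" in pattern:
            if "/" in target and fnmatchcase(target, pattern):
                return action
        elif host == pattern or host.endswith("." + pattern):
            return action
    return default

def rules_needing_decryption(rules=RULES):
    """URL-scoped patterns that cannot match HTTPS traffic without decryption."""
    return [pattern for _, pattern in rules if "/" in pattern]

if __name__ == "__main__":
    url = "https://www.example.com/games/chess"  # constructed sample request
    print("decryption off:", decide(url, decrypted=False))
    print("decryption on: ", decide(url, decrypted=True))
    print("rules that depend on decryption:", rules_needing_decryption())
```

With decryption off, the URL-scoped rule never matches HTTPS traffic and the request falls through to the domain-wide rule, so a policy audit should list such rules before decryption is disabled.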
Installed Proxy Certificate
This table lists the expiration date for the current proxy certificate. If a proxy certificate is about to expire, click Recreate proxy certificate to extend the expiration date. Note that the default proxy certificate has a lifetime of 39 months after being initialized.
Important: If you recreate the proxy certificate, you will need to redeploy this certificate to all user devices that use this Rocket proxy server. You can push it out through a GPO (Microsoft Exchange) or ZENworks (Novell) at the same time that you push out the proxy settings.