Configure SSL scanning

You can configure SSL scanning to adapt this process to the needs of your network.

Complete the following high-level steps.


  1. Enable the rule set for SSL scanning and review the rules in this rule set.
    By default, this is the SSL Scanner rule set.
  2. Modify these rules as needed.
    You can, for example, do the following:
    • Replace the default root certificate authority (CA) for signing certificates that the appliance sends to its clients by a certificate of your own.

      This can be a certificate authority that you create yourself on the user interface or one that you import from your file system.

    • Enable or disable whitelisting rules, for example:
      • The default rule for skipping certificate verification when a certificate that was submitted by a client is on a whitelist
      • The default for skipping content inspection when the host of a requested URL is on a whitelist
    • Edit the lists used by the whitelisting rules
      Note: A yellow triangle next to a list name means the list is initially empty and you need to fill the entries.
    • Create whitelists of your own and let them be used by the whitelisting rules
    • Modify the settings of the modules involved in SSL scanning.
      • SSL Scanner module
      • SSL Client Context module
      • Certificate Chain module
  3. Save your changes.