Bypassing verification

When verification bypass is enabled, users are allowed to access a website after they have been informed that the site has an invalid certificate.

It is recommended that organizations deploy initially with verification bypass enabled. Then, as the incident rate changes, administrators can use the Incident List to enforce policy. See Managing HTTPS website access.

Use the Configure > SSL > Validation > Verification Bypass tab in the Content Gateway manager to configure verification bypass settings.

Steps

  1. Select "Permit users to visit sites with certificate failure after confirmation" to enable verification bypass (default). If this check box is not selected, users do not have the option to browse to sites with an invalid certificate.
  2. If verification bypass is enabled, use the "Time before the user is notified again for the site" field to specify how long, in minutes, the user is allowed to visit a particular site without having to click through the warning again. The default is 6 minutes.
  3. Select "Enable the SSL session cache for bypassed certificates" to store information about bypassed certificates in the cache and reuse the connections.
    • If this option is selected, not all users are notified that they are trying to access a site where verification has failed.
    • If this option is not selected, all users are notified about sites that do not have valid certificates.
  4. Click Apply.