Enabling SSL support

Before enabling SSL support, verify that Content Gateway:

• Is installed in a supported environment that includes a network test segment
• Is passing explicit or transparent traffic as expected
• Is integrated and tested with Forcepoint Web Security
  • Policies are configured
  • Scanning (analytic) options are configured
  • HTTP requests are handled as expected
  • Policy is being enforced as expected
• Is stable:
  • Content Gateway performance monitoring graphs show a predictable ramp up in traffic with no unexplained traffic spikes
  • All mission critical websites and web-hosted applications have been validated to work properly through the proxy, or acceptable bypasses are in place

When the above conditions are met:

• Enable SSL support.
• Confirm that HTTPS traffic is passing through Content Gateway.
• Verify that clients are not receiving certificate errors in the browser. If they are, see these instructions on installing the Internal Root CA.
• Test by accessing several sites that are commonly used in your organization.
• Test by using HTTPS-based applications that are commonly used in your organization. See these articles for information about common problems.
  • Dropped HTTPS connections
  • Websites that have difficulty transiting Content Gateway
• Send a representative sample of traffic into the test environment with the objective of uncovering as many HTTPS traffic problems as possible.
• When the environment is stable, proceed to Enabling the CVE.