Introduction

Content Gateway, the Forcepoint™ Web Security proxy component, includes support for decrypting, analyzing, and re-encrypting HTTPS (TLS/SSL) traffic as it transits the proxy. The feature must be enabled in the Content Gateway manager, otherwise HTTPS traffic is subject to only URL policy enforcement.

This article describes the most effective use of Certificate Verification Engine (CVE), a sub-component of Content Gateway TLS/SSL support. The CVE enables you to configure certificate verification to comply with your organization’s IT security requirements.

For general information on SSL support, see Working with Encrypted Data in the Technical Library. Several articles follow in a sequence.

This guide includes the below topics: