SSL decryption bypass
When SSL support is enabled in Content Gateway to manage encrypted traffic:
- Category settings can be used to specify categories of websites for which decryption and inspection are bypassed.
- A list of client IP addresses and IP address ranges can be created to specify trusted clients for which decryption and inspection are bypassed.
- A list of destination hostnames, IP addresses, and IP address ranges can be created to specify trusted destination servers for which decryption and inspection are bypassed.Note: There is a known limitation with Internet Explorer version 8 (IE8) that prevents some sites from being bypassed as expected. IE8 does not send a Server Name Indicator (SNI) and when the hostname in the origin server certificate includes a wildcard (*), the common name and the hostname don’t match. As a result, the category lookup is performed on the destination IP address.