Enabling hybrid HTTPS notification pages

SSL (Secure Sockets Layer) is the industry standard for transmitting secure data over the Internet. It is based on a system of trusted certificates issued by certificate authorities and recognized by servers.

If you install the Forcepoint SSL certificate for the hybrid service, the hybrid proxy can establish SSL channels with most browsers in order to serve notification pages to the user – for example, a block page if the SSL site is in a category that requires a notification, or the appropriate page if authentication is required.

To preserve performance, only HTTPS traffic is diverted in this manner; HTTP traffic goes through the proxy to the requested site.

To ensure hybrid users can see the notification pages when browsing with HTTPS, you need a root certificate on each client machine that can act as a Certificate Authority for SSL requests to the hybrid proxy.

Note: With single sign-on, end users require this root certificate to ensure seamless authentication to HTTPS sites. If the certificate is not installed for single sign-on users, they must authenticate using NTLM identification or manual authentication, depending on the settings on the Hybrid User Identification page. See Integrating the hybrid service with a single sign-on identity provider.

To install the hybrid root certificate on all clients using the hybrid service:

Steps

  1. On the Hybrid Configuration > User Access page, click View Hybrid SSL Certificate.
  2. Save the certificate file to a location of your choice.
  3. Deploy the SSL certificate to your hybrid users with your preferred administration or deployment method, for example Microsoft Group Policy Object (GPO) or a third-party deployment tool.
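
A check to run on the saved file before step 3 and on a sample client afterwards, as an added example that is not part of the Forcepoint documentation: it reports the certificate's identity, validity, CA flag and SHA-256 fingerprint, and whether the machine's Trusted Root store already contains it. The file path and the optional expected fingerprint are assumptions; substitute your own values.

```powershell
param(
    [string]$CertPath = 'C:\Temp\hybrid-root.cer',  # assumed location chosen in step 2
    [string]$ExpectedSha256 = ''                     # optional, obtained out of band
)
$ErrorActionPreference = 'Stop'

# Load the saved file (DER or Base64 .cer/.crt); .NET needs a fully resolved path.
$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

# SHA-256 over the DER encoding, so the result does not depend on the file format.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''

# A root that vouches for the proxy's certificates must carry basicConstraints CA=TRUE.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
$isCa = [bool]($bc -and $bc.CertificateAuthority)

$now = Get-Date
$inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

# Roots distributed by GPO show up in the local machine's logical Root store.
$installed = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

# Compare against the expected fingerprint only when one was supplied.
$fpMatches = $null
if ($ExpectedSha256) {
    $fpMatches = $fingerprint -eq ($ExpectedSha256 -replace '[:\s]', '')
}

[pscustomobject]@{
    Subject            = $cert.Subject
    Issuer             = $cert.Issuer
    SelfSigned         = ($cert.Subject -eq $cert.Issuer)
    NotBefore          = $cert.NotBefore
    NotAfter           = $cert.NotAfter
    WithinValidity     = $inValidity
    IsCA               = $isCa
    Sha256Fingerprint  = $fingerprint
    FingerprintMatches = $fpMatches
    InTrustedRootStore = $installed
} | Format-List

# Non-zero exit lets a deployment tool stop before pushing an unexpected file.
if (-not ($isCa -and $inValidity) -or ($fpMatches -eq $false)) { exit 1 }
```

Before deployment, `InTrustedRootStore` is expected to be `False`; after the policy has applied on a client, it should be `True`.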

Next steps

Once you have distributed the certificate, mark Use the hybrid SSL certificate to display a notification page for HTTPS requests when required, then click OK to cache your changes. Changes are not implemented until you click Save and Deploy, after which they are pushed to all locations in the cloud (another 15 to 30 minutes).