TLS decryption

Transport Layer Security (TLS) is the industry-standard protocol for transmitting data securely over the Internet. It is based on a system of trusted certificates issued by certificate authorities (CAs) and recognized by servers. TLS decryption allows Forcepoint Dynamic Edge Protection to inspect the payload element of network traffic routed through the service.

When you enable TLS decryption for your policies, end-user traffic directed to the service is decrypted so that the traffic payload can be inspected. Traffic is re-encrypted before being sent to its destination.

If TLS decryption is enabled for your policy, you must download and install the Forcepoint root certificate on the end-user client machines whose traffic will be serviced by the policy. This is a CA certificate that is used to authenticate TLS-encrypted traffic, enabling the service to decrypt the traffic for inspection and to display block pages (if appropriate) for HTTPS websites.

Click the Forcepoint root certificate link to download the certificate. Distribute the certificate to client machines using your preferred distribution method.
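
A pre-distribution check for the downloaded root certificate, added here as an example and not taken from Forcepoint documentation: it confirms that the file is an unexpired, self-issued CA certificate and compares its SHA-256 fingerprint with a value obtained through a separate trusted channel. The function names and the generated sample certificates are constructed for illustration; the example assumes the certificate is in PEM format and that `openssl` is installed.

```bash
# Added example: checks to run on a downloaded root CA file before distribution.
# Print the certificate's SHA-256 fingerprint as lowercase hex, no separators.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 |
    sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# check_root_ca FILE [EXPECTED_SHA256]: return 0 only if FILE is an unexpired,
# self-issued CA certificate and, when given, matches the expected fingerprint.
check_root_ca() {
  local pem="$1" expected="${2:-}" text subject issuer fp
  text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) ||
    { echo "FAIL: not a parseable X.509 certificate" >&2; return 1; }
  # An issuing certificate must assert basicConstraints CA:TRUE.
  printf '%s\n' "$text" | grep -q 'CA:TRUE' ||
    { echo "FAIL: basicConstraints is not CA:TRUE" >&2; return 1; }
  # A root certificate is self-issued: subject and issuer are identical.
  subject=$(openssl x509 -in "$pem" -noout -subject); subject=${subject#*=}
  issuer=$(openssl x509 -in "$pem" -noout -issuer); issuer=${issuer#*=}
  [ "$subject" = "$issuer" ] ||
    { echo "FAIL: issuer differs from subject" >&2; return 1; }
  openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
    { echo "FAIL: certificate has expired" >&2; return 1; }
  fp=$(cert_fingerprint "$pem")
  expected=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
  if [ -n "$expected" ] && [ "$fp" != "$expected" ]; then
    echo "FAIL: fingerprint $fp does not match the expected value" >&2; return 1
  fi
  echo "OK: subject=$subject sha256=$fp"
}

# Build constructed sample certificates (not vendor certificates) in DIR:
# ca.pem asserts CA:TRUE, leaf.pem asserts CA:FALSE.
make_samples() {
  local dir="$1" name flag
  for name in ca leaf; do
    [ "$name" = ca ] && flag=TRUE || flag=FALSE
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
      'prompt=no' '[dn]' "CN=Constructed Example $name" \
      '[ext]' "basicConstraints=critical,CA:$flag" > "$dir/$name.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/$name.cnf" \
      -keyout "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null
  done
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_root_ca "$tmp/ca.pem" "$(cert_fingerprint "$tmp/ca.pem")"
check_root_ca "$tmp/leaf.pem" || echo "leaf.pem rejected"
```

For a real deployment, pass the downloaded certificate file as the first argument and the fingerprint obtained out of band as the second.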