Working With Encrypted Data

Working With Encrypted Data

Working With Encrypted Data

Related topics:

Running in explicit proxy mode

Tasks

Enabling SSL Manager

Certificates

Internal Root CA

Managing certificates

Configuring SSL Manager for inbound traffic

Configuring SSL Manager for outbound traffic

Validating certificates

Managing Web HTTPS site access

Client certificates

Configuring SSL Manager logging

Customizing SSL connection failure messages

SSL (Secure Sockets Layer) is the industry standard for transmitting secure data over the Internet. It is based on encrypted content and a system of trusted certificates issued by certificate authorities and recognized by servers.

Content Gateway does not cache HTTPS content.

When SSL Manager is enabled, SSL-encrypted traffic is decrypted, inspected, and then re-encrypted before it is sent to its destination.

Important

Even when SSL Manager is not enabled and HTTPS is not decrypted, Content Gateway performs HTTPS URL filtering. This means that for every HTTPS request, a URL lookup is performed and policy is applied.

In explicit proxy mode, when SSL is turned off, Content Gateway performs URL filtering based on the Host name in the request. If the site is blocked, Content Gateway serves a block page. Note that some browsers do not support display of the block page. To disable this feature, configure clients to not send HTTPS requests to the proxy.

In transparent proxy mode, when SSL is turned off, Content Gateway performs URL filtering based on the common name present in the certificate from the origin server. If the site is blocked, the connection with the client is dropped; no block page is served. To disable this feature when used with WCCP, do not create a service group for HTTPS.

Each SSL-based request consists of two separate sessions:

From the client browser to SSL Manager. This is considered inbound SSL traffic.

From SSL Manager to the Web server that will receive the secure data. This is considered outbound SSL traffic.

Different certificates are required for these sessions.

For additional information on SSL and certificates, search the Internet or consult any of the commercially available books on SSL.

For information on preparing your system, see the deployment and installation material in the Websense Technical Library.

Related topics: Running in explicit proxy mode Tasks Enabling SSL Manager Certificates Internal Root CA Managing certificates Configuring SSL Manager for inbound traffic Configuring SSL Manager for outbound traffic Validating certificates Managing Web HTTPS site access Client certificates Configuring SSL Manager logging Customizing SSL connection failure messages

	Important Even when SSL Manager is not enabled and HTTPS is not decrypted, Content Gateway performs HTTPS URL filtering. This means that for every HTTPS request, a URL lookup is performed and policy is applied. In explicit proxy mode, when SSL is turned off, Content Gateway performs URL filtering based on the Host name in the request. If the site is blocked, Content Gateway serves a block page. Note that some browsers do not support display of the block page. To disable this feature, configure clients to not send HTTPS requests to the proxy. In transparent proxy mode, when SSL is turned off, Content Gateway performs URL filtering based on the common name present in the certificate from the origin server. If the site is blocked, the connection with the client is dropped; no block page is served. To disable this feature when used with WCCP, do not create a service group for HTTPS.

Quick Links

Working With Encrypted Data