Related topics: Initial SSL configuration tasks Enabling SSL support Certificates Internal Root CA Managing certificates SSL configuration settings for inbound traffic SSL configuration settings for outbound traffic Validating certificates Managing HTTPS website access Enabling SSL support Client certificates Customizing SSL connection failure messages Custom certificate key SSL decryption port mirroring (appliance deployments)

Important  Even when HTTPS support is not enabled and HTTPS is not decrypted, Content Gateway performs a URL lookup and applies policy. In these circumstances: In explicit proxy mode, Content Gateway performs URL filtering based on the hostname in the request. If the site is blocked, Content Gateway serves a block page. Some browsers do not support display of the block page. To prevent this URL filtering, configure clients to not send HTTPS requests to the proxy. In transparent proxy mode, if there is an SNI in the request, Content Gateway gets the hostname from the SNI and performs URL filtering based on the hostname. Otherwise, Content Gateway uses the Common Name in the certificate of the destination server. If the Common Name contains a wildcard (*), the lookup is performed on the destination IP address. If the site is blocked, the connection with the client is dropped; no block page is served. To prevent this URL filtering with WCCP, do not create a service group for HTTPS.

Note  Content Gateway does not cache HTTPS content.