Configuring certificate verification bypass

Administrator Help | Forcepoint Web Security | v8.5.x

The hybrid service verifies certificates for HTTPS sites that it has decrypted and analyzed. Certificate verification checks apply to all certificates in the trust chain. Use of certificate verification is recommended in order to avoid security risks from malicious sites with certificates that misrepresent their identity.

If certificate verification fails, a notification page displays indicating that a certificate error has been detected. End users can be given the option to bypass certificate errors for specified sites. They can proceed to the site or go back.

You can create a list of sites that do not return a notification page for certificate errors. Instead the user is given access to the site. This option is useful, for example, for sites that you trust even if the certificate is expired, is not yet valid, or is self-signed.

Click On under Perform certificate verification to enable the feature. Click Off to disable it.

Select Provide end users an option to bypass all certificate errors to provide all users with the notification page that includes an option to bypass a certificate error and proceed to the site.

If you have selected Perform certificate verification, you can maintain a list of domains or IP addresses for which certificate verification errors are automatically bypassed. The end user receives no notification page and is given access to the site.

Enter the domains and IP addresses in the entry field provided.

A comma-separated list can be used, but IP address ranges are not supported.

Click Add to populate the list.

Select an item on the list and click Delete to remove it.

Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.