Enabling the HTTPS Decryption and Inspection

After you have generated or imported the Decryption Certificate and marked it as trusted in the certificate store of the clients operating system there is one more step that needs to be done.

Select Decryption Mode

To enable HTTPS decryption, choose either Targeted Decryption or Complete Decryption mode in Admin UI / Squid Proxy / HTTPS page, tab SSL Decryption.

In Targeted Decryption mode only domains which are part of Always Decrypted list are decrypted. To manage this list, click on Squid Proxy / HTTPS / Always Decrypted Targets tab.

In Complete Decryption mode all domains are decrypted. The application allows to automatically bypass decryption on highly trusted domains - for example, privacy sensitive sites, government, financial institutions, health and personal sites, this can be configured in Admin UI / Squid Proxy / Exclusions / Category.

Adjust Decryption per Policy

Web Safety can also adjust HTTPS decryption per policy. To skip HTTPS decryption for a given filtering policy, open Admin UI / Web Filter / Policy, select the Advanced tab and set or clear the checkbox as desired as shown on the following screenshot.