Add a Do Not Decrypt List for Web Profiles

Private Preview

Decrypting traffic to certain destinations may be prohibited by regional privacy regulations.

Create a custom Do Not Decrypt list to specify destinations that will not be decrypted by the security and acceptable use features in a web profile. HTTPS traffic to these destinations cannot be properly inspected for threats when traffic is not decrypted.

If you need to specify a Do Not Decrypt address for IPS profiles, edit the system-provided Do Not Decrypt List.



  1. Navigate to Secure > Settings > Do Not Decrypt Lists and click Add.
  1. Give your list a good descriptive List Name.
  1. Add content categories, applications, and domains that will be exempt from decryption:

    a. Click Add, select Categories to be exempt from HTTPS inspection and then click Close.

b. Click Add, add a Domain to exempt it from HTTPS inspection and then click Add.

c. Click Add, select Applications to be exempt from decryption and then click Close.

  1. Click Save.
    Your new Do Not Decrypt List is saved to Secure Access and available for selection when adding Web profiles to the Access policy.

Important Information About Do Not Decrypt Lists < Add a Web Selective Decryption List > Manage Certificates