Install the Root Certificate for All Browsers

To inspect web traffic, perform SSL decryption, or render a block page correctly when a browser on a user device attempts to visit a blocked HTTPS website, install the Cisco Secure Access root certificate for each browser on the organization's user devices. User devices must have the Cisco Secure Client deployed with the Umbrella module.

Steps to perform the installation of certificates vary based on the operating system and browser type. For more information, see Install the Cisco Secure Access Root Certificate.
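A way to confirm the installation across stores, as an added example that is not Cisco's code: it compares the SHA-256 fingerprint of the root certificate against each trust store exported as a PEM bundle and reports any store where the root is missing. The store names and certificate bytes are constructed placeholders, and exporting each browser's store to PEM is assumed to have been done already.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)

def fingerprints(pem_text):
    """SHA-256 fingerprints (hex) of every certificate in a PEM bundle."""
    found = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        found.add(hashlib.sha256(der).hexdigest())
    return found

def audit_stores(root_pem, stores):
    """Return {store name: True if the root certificate is present}."""
    wanted = fingerprints(root_pem)
    if len(wanted) != 1:
        raise ValueError("root_pem must contain exactly one certificate")
    (root_fp,) = wanted
    return {name: root_fp in fingerprints(text) for name, text in stores.items()}

def constructed_pem(payload):
    """Wrap placeholder bytes in PEM armor (constructed, not a real certificate)."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    body = "\n".join(lines)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample input: hypothetical store exports, placeholder bytes.
ROOT = constructed_pem(b"constructed-secure-access-root" * 4)
OTHER = constructed_pem(b"constructed-unrelated-ca" * 4)
STORES = {
    "os_store_export.pem": OTHER + ROOT,   # root was installed here
    "browser_store_export.pem": OTHER,     # this store was skipped
}

if __name__ == "__main__":
    for name, present in audit_stores(ROOT, STORES).items():
        print(f"{name}: {'root present' if present else 'ROOT MISSING'}")
```

A store reported as missing the root is one where the browser would show a certificate warning instead of the block page.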

Inspect and Decrypt HTTPS Traffic

Inspect HTTPS traffic and perform SSL decryption.

  1. Install a Secure Access root certificate for each browser on a user device.
  2. Enable HTTPS inspection in the Web profile for the Secure Access secure web gateway (SWG).
    If you do not enable HTTPS inspection, Secure Access cannot perform file inspection, URL matching, or advanced application controls, and cannot provide URL-level visibility for HTTPS communications.
  3. Enable Decryption in the Web profile for the Secure Access secure web gateway (SWG).

For more information, see Manage Web Profiles.

Render Block and Warn Pages

Render Block and Warn pages correctly.

  1. When a browser on a user device visits a blocked HTTPS website, even without HTTPS inspection or SSL decryption enabled, Secure Access does not downgrade the HTTPS protocol to HTTP when serving a block page. Thus, if a root certificate is not installed, the web browser displays a certificate warning to the user. For more information, see Manage Notification Pages.
