Install the Root Certificate for All Browsers

To inspect web traffic, perform SSL decryption, or render a block page correctly when a browser on a user device attempts to visit a blocked HTTPS web site, install the Cisco Secure Access root certificate for each browser on the organization's user devices. User devices must have the Cisco Secure Client deployed with the Umbrella module.

Steps to perform the installation of certificates vary based on the operating system and browser type. For more information, see Install the Cisco Secure Access Root Certificate.

Inspect and Decrypt HTTPS Traffic

In order to apply most security features to encrypted internet traffic -- and most internet traffic is encrypted -- that traffic must be decrypted. In order to decrypt internet traffic, you must install a Secure Access root certificate for each browser on user devices. See Install the Cisco Secure Access Root Certificate.

Render Block and Warn Pages

Render Block and Warn pages correctly.

1. When a browser on user device visits a blocked HTTPS website, even without HTTPS inspection or SSL decryption enabled, Secure Access does not downgrade the HTTPS protocol to HTTP when serving a block page. Thus, if a root certificate is not installed, the web browser displays a certificate warning to the user. For more information, see Manage Notification Pages.

Umbrella Roaming Security Module Requirements < Install the Root Certificate for All Browsers > Interpret Internet Security Diagnostics