Configuring HTTPS Proxy settings

Enable HTTPSHypertext Transfer Protocol over Secure Socket Layer (SSL). Scanning to monitor and block traffic within encrypted streams (URLs starting with https://). This prevents threats from malicious content that may be present in HTTPS sites or downloads. GFI WebMonitor does not read or display any encrypted contents.

To configure HTTPS Scanning settings:

1. Go to Settings > Core Settings > HTTPS Scanning.

Enable HTTPS Scanning

2. Click the HTTPS Scanning switch to turn on.

Information related to active certificate

3. In the Current Certificate area, view relevant information of the currently used certificate. GFI WebMonitor needs a valid certificate to inspect HTTPS traffic. If no certificate is currently enabled, consult the following sections that show you how to work with certificates:

• Creating a new HTTPS Scanning certificate
• Import an existing HTTPS Scanning certificate
• Export an HTTPS Scanning certificate

Configure advanced HTTPS options

4. Click the Display Warning switch to display a warning page to users before GFI WebMonitor starts decrypting and inspecting HTTPS traffic.

5. Click the Block Non-Validated switch to start blocking HTTPS websites with certificates that are not yet validated.

6. Click the Block Expired switch to block pages that contain expired certificates.

7. Use the Accept up to 'x' days after expiry field to accept websites whose certificate has expired by a number of days.

8. Click the Block Revoked switch to block websites with revoked certificates.