Configuring HTTPS Proxy settings

Enable HTTPSHypertext Transfer Protocol over Secure Socket Layer (SSL). Scanning to monitor and block traffic within encrypted streams (URLs starting with https://). This prevents threats from malicious content that may be present in HTTPS sites or downloads. GFI WebMonitor does not read or display any encrypted contents.

To configure HTTPS Scanning settings:

1. Go to Settings > Core Settings > HTTPS Scanning.

Enable HTTPS Scanning

2. Click the HTTPS Scanning switch to turn on.

Information related to active certificate

3. In the Current Certificate area, view relevant information of the currently used certificate. GFI WebMonitor needs a valid certificate to inspect HTTPS traffic. If no certificate is currently enabled, consult the following sections that show you how to work with certificates:

Configure advanced HTTPS options

4. Click the Display Warning switch to display a warning page to users before GFI WebMonitor starts decrypting and inspecting HTTPS traffic.

5. Click the Block Non-Validated switch to start blocking HTTPS websites with certificates that are not yet validated.

6. Click the Block Expired switch to block pages that contain expired certificates.

7. Use the Accept up to 'x' days after expiry field to accept websites whose certificate has expired by a number of days.

8. Click the Block Revoked switch to block websites with revoked certificates.


Ensure that by enabling HTTPS Scanning you are not violating any laws in your jurisdiction or any compliance regulations for your industry.


It is recommended that any HTTPS website that would be inappropriate for GFI WebMonitor to decrypt and inspect is added to the HTTPS scanning exclusion list. For more information refer to Adding Items to the HTTPS Scanning Exclusion List.