SSL Inspection

About

SSL Inspection allows WebTitan to process encrypted HTTPS traffic. It does this by acting as a man-in-the-middle: it decrypts the HTTPS traffic, inspects the decrypted contents, and then re-encrypts the traffic.

How HTTPS requests normally work

Put simply, HTTPS is SSL layered over HTTP. The SSL layer has 2 main purposes:

  1. Verifying that you are talking directly to the server that you think you are talking to
  2. Ensuring that only the server can read what you send it and only you can read what it sends back

The SSL connection is established as follows:

  1. The browser will negotiate a secure connection directly to the remote site. Once connected, the server has to prove its identity to the client. This is achieved using its SSL certificate. An SSL certificate contains various pieces of data, including the name of the owner, the domain, the certificate’s public key, the digital signature and information about the certificate’s validity dates. The client checks that it either implicitly trusts the certificate, or that it is verified and trusted by one of several Certificate Authorities (CAs) that it also implicitly trusts. If the remote site uses an unrecognized certificate authority, the user will be first prompted by the browser to inspect and accept this site's certificate authority.

  2. The certificate authority contains a key that verifies the authenticity of the encrypted content that is received from the secure website, and which the SSL software decrypts.

  3. Any information that the user submits to the secure website is also encrypted, and the authenticity of their submission is similarly verified by the certificate authority.

SSL Certificates


When SSL inspection is enabled, WebTitan uses a CA certificate to decrypt SSL traffic. A new install already includes one that is ready to use, and further ones can be created.

Enabling this setting will result in browsers displaying warning messages stating that there is a problem with a requested website's certificate. Though these warnings can be bypassed, it is not practical to deal with them for every web request. To prevent the warnings from appearing, the '.der' file of the CA certificate must be imported into any web browser that will be using WebTitan.


Browser Configuration

The procedure for importing the .der file varies from browser to browser. Below are the methods to import it into all major browsers:


Install root certificate using Group Policy (GPO) distribution

The method to deploy trusted root certificates domain-wide is described at the link below:

http://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx

WebTitan Configuration

SSL Inspection is enabled from the 'Filtering > SSL Inspection > Configuration' tab. From here you can choose what traffic to inspect from the drop-down menu.


  All traffic: Decrypt all HTTPS traffic.

  Selected Domains: Only decrypt specific domains, which you can add into the domains field below.

  All Except Select Domains: Decrypt all HTTPS traffic except for the domains you can add into the field below.

From 'Filtering > Certification Authority' you create and download certificates to be imported into users' browsers. The .der file of the certificate imported into your browser must be the same one that is selected from the drop-down CA certificate menu.
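
One way to confirm that the file distributed to browsers is the same CA certificate that is selected for inspection is to compare SHA-256 fingerprints of the two files. The following is an added example, not WebTitan's own code. The function names are hypothetical and the sample bytes are constructed placeholders rather than real certificates. It also handles a certificate that was saved as PEM instead of DER, and rejects a truncated download.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed placeholder bytes (a tiny ASN.1 SEQUENCE), not real certificates.
SELECTED_DER = b"\x30\x03\x02\x01\x01"
OTHER_DER = b"\x30\x03\x02\x01\x02"
SELECTED_PEM = ssl.DER_cert_to_PEM_cert(SELECTED_DER).encode("ascii")


def to_der(data: bytes) -> bytes:
    """Accept a .der file body, or the same certificate saved as PEM."""
    if data.lstrip().startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(data.strip().decode("ascii"))
    return data


def der_is_complete(der: bytes) -> bool:
    """True if the outer SEQUENCE header accounts for every byte in the file."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        header, body = 2, der[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)


def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint of the DER encoding, colon-separated."""
    der = to_der(data)
    if not der_is_complete(der):
        raise ValueError("not a complete DER-encoded certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_ca(deployed: bytes, selected: bytes) -> bool:
    """Compare the file pushed to browsers with the CA selected for inspection."""
    return fingerprint(deployed) == fingerprint(selected)


if __name__ == "__main__":
    print(same_ca(SELECTED_PEM, SELECTED_DER))  # same CA, different encoding
    print(same_ca(OTHER_DER, SELECTED_DER))     # a different CA
```

In practice, read both files with open(path, "rb").read() and pass the bytes to same_ca.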