Hi.
I'm looking for any best practices for implementing a SSL Policy Exception Rule.
LAN -> Internet is using a generic Decrypt-Resign all HTTPS sessions.
And i'm trying to add an exception as Windows update clients and WSUS are both complaining about bad certificates.
Should I use:
- Source Zone, Dest Zone, Source NetWork + Application = Microsoft Update + Dest Port=HTTPS or
- Source Zone, Dest Zone, Source Network + Port=HTTPS, SSL Subject DN=CN_update.microsoft.com & CN_.update.microsoft.com
Or another solution ?
Please advise & Thanks in advance