Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1186
Views
3
Helpful
0
Comments

Certificate Error Handling Now Available in Umbrella

kwelkerm
Cisco Employee
Cisco Employee

on ‎11-04-2024 09:47 AM

We are excited to announce the release of "Certificate Error Handling" for Umbrella.

 

What is Certificate Error Handling?

This feature empowers administrators to handle domains with certificate problems by allowing the proxy to either block (currently the default action for any certificate error) or ignore specific certificate errors.  When the ignore action is enabled, Umbrella decrypts without acknowledging the certificate error.

Certificate Errors that can be configured:

  1. Expired Certificates: Certificates that have passed their expiration date.
  2. Mismatched Host Names: Certificates where the hostname does not match the domain.
  3. Unrecognized or Self-Signed Certificates: Certificates that are not recognized by a trusted Certificate Authority or are self-signed.

Once the feature is enabled, administrators will see the disabled "Certificate Error Handling" toggle button in Global Settings under Web Policy.

 

kwelkerm_0-1730736557945.png

 

How to Configure the Certificate Error Handling

  1. Toggle on the "Certificate Error Handling" button.
  2. Add a domain and configure the specific exceptions for the types of certificate errors the proxy should block or ignore.
kwelkerm_1-1730736557961.png

 

Ideal Use Case for Certificate Error Handling

This feature is ideal for scenarios where administrators need to access domains that may have certificate issues but are still trusted. It allows for flexibility while acknowledging the potential security risks. Customers should make informed decisions when enabling exemptions for certificate errors, as it could create vulnerabilities to malicious actors.

 

Frequently Asked Questions

1. Where can customers find documentation for this feature?

https://docs.umbrella.com/umbrella-user-guide/docs/enable-certificate-error-handling

2. What specific customer pain point does this feature address?

It allows administrators to bypass certificate issues such as expired certificates, mismatched host names, and unrecognized or self-signed certificates, ensuring uninterrupted access to essential services.

3. Is this feature included in all subscription tiers or part of a premium package?

This feature is included in all Umbrella SIG packages at no additional cost.

4. How should customers balance the need for access with the potential security risks?

Customers should make informed decisions by carefully evaluating the trustworthiness of the domains in which they allow exceptions. Documentation includes warnings about security risks, and best practices suggest only enabling exceptions for known and trusted domains. Continuously monitoring and reviewing these exceptions is crucial to maintaining a balance between accessibility and security.

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents