transparent wsa and https traffic

mulhollandm · ‎10-21-2014

folks

i've deploying a S300V in transparent mode and using wccp

i have a single policy allowing http and https

http works fine but https doesn't

i can see both sets of requests go out through my outer firewalls but the https handshake doesn't get past the client hello

the VM is being used on a guest wifi network so clients won't be authenticated, won't have a common root certificate and i don't want to decrypt traffic

tac are telling me i need to enable the https proxy but i can't as clients won't have the root certificate required

do i need to use https proxy?

thanks to anyone taking the time to reply

Ken Stieers · ‎10-21-2014

You still have to use the https proxy if you're going to use HTTPS, even if you're not going to decrypt. If it doesn't decrypt, it passes through the certs from the site, so your users shouldn't see an issue. (I haven't tested this so I won't guarentee it...)

peng · ‎12-03-2014

Ken,

If I dont to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I need to upload a root certificate still? I would have assume not as I do not want to decrypt HTTPS but the GUI doesn't allow me to enal HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.

Basically what I just want to do is just pass through the HTTPS traffic to be check against the Access policies that the HTTP is being checked against.

Is this viable? If so can you let me know how I can achieve the above?

Thanks