This functionality is available only in an application deployed from an ISO image. When the application is installed from an RPM or DEB package, the administrator must configure decryption of TLS/SSL connections using the resources of the proxy server.
Users' computers may connect to web resources using unencrypted or encrypted connections. Kaspersky Web Traffic Security can scan both types of traffic. Unencrypted connections are scanned using standard traffic processing rules. To process encrypted traffic, you must configure decryption of TLS/SSL connections. If decryption is not configured, the application will not be able to apply all settings of access rules, or perform scans using the Anti-Virus and Anti-Phishing modules within the scope of protection rules.
In the documentation and in the web interface of the application, the term "SSL" is used as a well-established synonym for encryption (SSL connections, SSL rules). However, to establish encrypted connections, it is recommended to use TLS version 1.2, because the SSL protocol is outdated and unsafe.
Decryption of SSL connections consists of the following steps:
To understand how the application works and to configure the settings correctly, it is recommended to first read about the specifics of processing CONNECT requests and establishing TLS connections.
After adding one or more certificates, you must assign the active status to one of them. If no certificate is active, you cannot enable decryption of SSL connections.
The default action will be applied to SSL connections that do not meet the conditions of any SSL rule.
Using SSL rules, you can define the actions the application takes on SSL connections depending on the source or destination of the connection.
The proxy server will assign the Trusted status to the security certificates of web resources to which the Bump action is applied.