Configure SSL Inspection Setting
- Click 'Configuration' > 'Web Content Policy' > 'SSL Inspection' to view this interface.
The 'SSL Inspection' area lets you:
- Specify whether Comodo Secure Web Gateway (SWG) should check if websites use an SSL certificate from a trusted CA. You can then choose whether to allow or block sites that use an untrusted certificate.
- Download and install the Comodo SWG certificate. This is required if you want SWG to decrypt, analyze and apply policies to content served by https websites. The certificate should be installed on users' browsers or deployed to networks via Group Policy Object (GPO).
- Create exceptions to allow trusted domains, IPs and networks.
Contact Comodo at domesupport@comodo.com to specify website categories to bypass Comodo Secure Web Gateway filtering engine and allow users to access websites in these categories directly.
Enable SSL Inspection
- SSL inspection checks whether a website uses a certificate from a trusted certificate authority (CA).
- Choose whether you want to allow or block sites which use an untrusted certificate - one that is not from a trusted CA.
- You must enable this for SWG to monitor HTTPS traffic and apply relevant policies. See 'Certificate for SSL Interception' for help to install the SWG SSL certificate.
- Click 'Save' for your changes to the page to take effect.
Bypassed Domains
Add domains, IPs and networks whose certificates will be not checked by Comodo SWG.
- Enter the URL of a website, domain, domain name with wildcard, IP or network in CIDR format in the field and click the '+' button. Repeat the process to add more exceptions.
- To remove a website from the list, click the trash can icon beside it.
- Click 'Save' for your changes to the page to
take effect.
Certificate for SSL Interception
- You have to download and install the SWG certificate in order to decrypt and apply policy to HTTPS websites.
- Once the certificate is installed, SWG can apply all rules to HTTPS sites as it does for non-secure sites.
- Make sure 'Enable SSL Inspection' is on.
- Click the 'Download Certificate' button. You can also download the certificate from 'Administration' > 'How to Configure' > 'SSL Interceptions' > 'Download Node Certificate'.
- Installation - click the 'How to page' link and follow the instructions in the 'SSL Interception' tab.
- Note – You can get Comodo SWG to generate a certificate for you, or you can upload an existing certificate.
- Go to 'Administration' > 'How to Configure' > 'SSL Interceptions' tab
- Click 'Generate Certificate' under 'Generate Node Certificate' – This will replace the current SSL certificate in the node.
- Upload Combined PEM File - To use your own SSL certificate, click 'Browse...' , select the certificate then click 'Upload'.
- Click 'Download Certificate'. Follow the instructions under 'Browsers' / 'Windows Group Policy'' for help to install the certificate
Bypassed Categories
The list of bypassed categories is provided by Comodo. Sites in bypassed categories are not subject to SWG filters and can be freely accessed by end-users. Please contact us at domesupport@comodo.com if you want to add or remove categories from the list.
