Configuring HTTPS inspection
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
Using Forefront TMG, you can inspect outbound HTTPS traffic in order to protect your organization from security risks inherent to Secure Sockets Layer (SSL) tunnels, such as:
Viruses and other malicious content that could infiltrate the organization undetected.
Users who bypass the organization’s access policy by using tunneling applications over a secure channel (for example, peer-to-peer applications).
For general information about HTTPS inspection, including information regarding the certificates necessary for implementation, see Planning for HTTPS inspection.
The following topics describe how to configure and deploy HTTPS inspection.
Enabling HTTPS inspection—Describes how to enable and configure HTTPS inspection.
Generating the HTTPS inspection certificate—Describes how to generate the HTTPS inspection certificate or import an existing certification authority (CA) certificate to Forefront TMG.
Deploying the HTTPS inspection trusted root CA certificate to client computers—Describes how to deploy the HTTPS inspection trusted root CA certificate to client computers, either via Active Directory Domain Services or via manual import.
Configuring the certificate validation policy—Describes how to review the default certificate validation policy and adjust it if necessary.
Excluding sources and destinations from HTTPS inspection—Describes how to exclude sites from the HTTPS inspection policy.
Notifying users that HTTPS traffic is being inspected—Describes how to configure client notification that HTTPS traffic is being inspected.