ProSecure Unified Threat Management (UTM) Appliance Reference Manual
Content Filtering and Optimizing Scans 6-35
v1.0, January 2010
If one of these is not satisfied, a security alert message appears in the browser window (see
Figure 6-14).
However, even when a certificate is trusted or still valid, or when the name of a certificate does
match the name of the Web site, a security alert message still appears when a user who is
connected to the UTM visits an HTTPS site. The appearance of this security alert message is
expected behavior because the HTTPS client receives a certificate from the UTM instead of
directly from the HTTPS server. If you want to prevent this security alert message from appearing,
install a root certificate on the client PC. The root certificate can be downloaded from the UTM’s
Manager Login screen (see Figure 2-1 on page 2-3).
If client authentication is required, the UTM might not be able to scan the HTTPS traffic because
of the nature of SSL. SSL has two parts—client and server authentication. HTTPS server
authentication occurs with every HTTPS request, but HTTPS client authentication is not
mandatory, and rarely occurs. Therefore it is of less importance whether the HTTPS request comes
from the UTM or from the real HTTPS client.
However, certain HTTPS servers do require HTTPS client certificate authentication for every
HTTPS request. Because of the design of SSL, the HTTPS client must present its own certificate
in this situation rather than using the one from the UTM, preventing the UTM from scanning the
HTTPS traffic. For information about certificates, see “Managing Digital Certificates” on page 9-
17.
You can specify trusted hosts for which the UTM bypasses HTTPS traffic scanning. For more
information, see “Specifying Trusted Hosts” on page 6-37.
Figure 6-14