Protect a Private HTTPS Server

To provide a better end-user experience, the HTTPS proxy does not do certificate validation for inbound requests to a private HTTPS server on your network. Client browsers see the configured Proxy Server certificate after content inspection is performed.

For additional security, we recommend that you import the CA certificate used to sign the HTTPS server certificate, and then import the HTTPS server certificate with its associated private key. If the CA certificate used to sign the HTTPS server certificate is not automatically trusted itself, you must import each trusted certificate in sequence for this feature to operate correctly. After you have imported all of the certificates, configure the HTTPS Proxy.

In Fireware v12.2 and higher, when you configure Domain Name rules for content inspection in the inbound HTTPS Proxy, you can choose the proxy server certificate to use for that domain or use the default Proxy Server certificate. This enables you to host several different public-facing web servers and applications behind one Firebox and allow different applications to use different certificates for inbound HTTPS traffic.

See Also

About Certificates

About the HTTPS-Proxy

Use Certificates with HTTPS Proxy Content Inspection

Troubleshoot Problems with HTTPS Content Inspection

Manage Device Certificates (WSM)

Manage Device Certificates (Web UI)