You are here: Cookbook > Data Security > Decrypt HTTPS Traffic and Identify the Encrypted Application

Decrypting HTTPS Traffic and Identifying the Encrypted Application

This example introduces how to decrypt HTTPS traffic and identify the encrypted application, which meets the requirements of fine-grained application management.

As shown in the below scenario, an internal user accesses a HTTPS website and the traffic is encrypted by SSL protocol. With the SSL proxy and application identification functions enabled, the device can decrypt the HTTPS traffic and identify the encrypted application.

Step 1: Configuring a SSL proxy profile

Select Policy > SSL Proxy, and click New.

In the Basic tab:

  • Name: profile1
  • Expired certificate: Decrypt
  • Unsupported version: Block
  • Unsupported encryption algorithms: Block
  • Client verification: Block
  • Warning: Enable
Step 2: Specifying a SSL profile in the security policy

Configure a security policy that allows internal users to access Internet, and specify a SSL proxy profile in the Advanced tab:

  • SSL Proxy: Select the Enable checkbox and select profile1 from the drop-down list.
Step 3: Importing the device certificate to client's Web browser

Export the certificate from the device.

Click System > PKI. In the Management tab:

  • Trust Domain: trust_domain_ssl_proxy
  • Content: CA Certificate
  • Action: Export

Click OK to export the certificate.

Import the certificate to client's Web browser.

  1. In the Chrome Web browser, select Settings > Show advanced settings.
  2. In the HTTPS/SSL section, select Manage certificates.
  3. In the Trusted Root Certification Authorities tab, select Import.
  4. Follow the wizard to import the certificate.
Step 4: Upgrading to the professional application signature database and enabling the application identification function

In CLI, execute the upgrade command to upgrade to the professional application signature database

 

Select Network > Zone, and double-click the untrust zone. In the Basic tab:

  • Application Identification: Select Enable.
Step 6: Viewing application monitor

Select Monitor > Application > Application Details.

When an internal user accesses a HTTPS website, the SSL proxy function decrypts the HTTPS traffic and the application identification function identify the encrypted application.