Creating a bypass list to allow access to sites with certificate errors
When you activate HTTPS Inspection at your organization, all sites with certificate errors are blocked by default. However, you can create a site bypass list that specifies which sites users can access even if there is a certificate error. Users can browse the sites on the bypass list, and they do not see a warning that there is a problem with the site certificate. The maximum number of sites that you can add to this list is 1000.
Consider the security implications of allowing your users to browse sites that have certificate errors. A certificate authenticates the identity of the company behind a website. A certificate error can indicate that the certificate is fake, compromised, or has been tampered with.
SSL encrypted web traffic from the sites on the bypass list is still routed through the Web Security Service infrastructure.
- To add websites to the site bypass list
- ClickServices>Web Security Services>HTTPS.
- In theAllow access to sites with certificate errorssection, selectEnable site bypass list.
- ClickAllowto confirm.
- In theAllow access to sites with certificate errorssection, clickNew.
- Enter the website address or IP address of a site that you want users to access, even if there is a certificate error.
- You can add the site as a web address or as an IP address
- You do not need to add https:// to the start of the web address or IP address.
- The use of the asterisk (*) as a wildcard in the web address or IP address isnotsupported.
- (Optional) Enter a description for the site. For example, you could enter a brief reason why the site is allowed, even with a certificate error.
- ClickAdd.The maximum number of sites that you can add to this list is 1,000.
- In theActivecolumn, clickOffto switch bypass toOn.