Create a Decrypt Profile

Use this page to configure decrypt profiles. The decrypt profile is enabled as an application service within a security policy.

Note:

Ensure that you have a root certificate imported for the organization before you create a decrypt profile. You can import SSL certificates (root and trusted) from the Certificate Management page (Secure Edge > Service Management > Certificate Management) and associate the certificates with decrypt profiles.

  1. Select Secure Edge > Service Administration > Decrypt.

    The Decrypt Profiles page opens.

  2. Click +.

    The Create Decrypt Profile page opens.

  3. Complete the configuration according to the guidelines provided in Table 1.

    Fields marked with an asterisk (*) are mandatory.

  4. Click OK.

Table 1: Fields on the Decrypt Profile Page

| Setting | Guideline |
| --- | --- |
| General Information | |
| Name | Enter a unique name, without spaces, of at most 63 characters. The name can contain alphanumeric characters and special characters such as hyphens and underscores. |
| Description | Enter a description of at most 255 characters. |
| Root certificate | Select or add a root certificate. In a public key infrastructure (PKI) hierarchy, the root certificate authority (CA) is at the top of the trust path. Note: To select the root certificate from the device, you must ensure that at least one trusted certificate is installed on the device. |
| Exempted URL categories | Select the previously defined URL categories to create allowlists that bypass decrypt processing. The selected URL categories are exempted during SSL inspection. Note: You can also add URL categories by clicking + to open the Create URL Category page. See Create a URL Category. |
| Exempted addresses | Select the previously defined addresses to create allowlists that bypass decrypt processing. The selected addresses are exempted during SSL inspection. Because SSL encryption and decryption are complicated and expensive procedures, network administrators can selectively bypass decrypt processing for some sessions. Such sessions typically include connections and transactions with trusted servers or domains with which network administrators are very familiar. There are also legal requirements to exempt financial and banking sites. Such exemptions are achieved by configuring the IP addresses or domain names of the servers under allowlists. Note: You can also add addresses by clicking + to open the Create Addresses page. See Create Addresses or Address Groups. |

A decrypt profile is created, and the Decrypt Profiles page opens and displays a confirmation message.
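
Exempted traffic is never inspected, so it is worth reviewing a planned profile before entering it on the page. The following is an added example, not Juniper code or a Secure Edge API: a small Python check that applies the Name and Description limits from Table 1 and flags overly broad exempted address ranges. The dictionary keys, the /24 review threshold, the strict name character set, and treating the root certificate as required are assumptions.

```python
import ipaddress
import re

# Assumed reading of the Name guideline: letters, digits, hyphens and
# underscores only, 1 to 63 characters, no spaces.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")
MAX_DESCRIPTION = 255
# Hypothetical review threshold: exempted IPv4 networks broader than /24 are flagged.
MIN_V4_PREFIX = 24


def review_profile(profile):
    """Return a list of findings for a planned decrypt profile (empty = clean)."""
    findings = []
    if not NAME_RE.fullmatch(profile.get("name", "")):
        findings.append("name: must be 1-63 characters with no spaces")
    if len(profile.get("description", "")) > MAX_DESCRIPTION:
        findings.append("description: longer than 255 characters")
    if not profile.get("root_certificate"):
        findings.append("root_certificate: none selected")
    for entry in profile.get("exempted_addresses", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP or CIDR; treated as a domain name and not range-checked
        if net.version == 4 and net.prefixlen < MIN_V4_PREFIX:
            findings.append(
                f"exempted_addresses: {entry} bypasses decryption for "
                f"{net.num_addresses} addresses"
            )
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "name": "branch decrypt",          # contains a space
    "description": "Decrypt profile for branch offices",
    "root_certificate": "",            # nothing selected yet
    "exempted_addresses": ["203.0.113.10", "10.0.0.0/8", "bank.example.com"],
}

if __name__ == "__main__":
    for finding in review_profile(SAMPLE):
        print(finding)
```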