Sophos Firewall can inspect HTTPS traffic by acting as a man in the middle using a privately signed CA. For customers who already have their privately signed CA from a CA provider, this article describes the steps to configure Sophos Firewall to use this privately signed CA for HTTPS traffic inspection. For more information about CA use and providers, refer to Certificate authority and Public key infrastructure. The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
Please refer to Sophos Firewall: How to add an external certificate authority (CA) in Sophos Firewall
Go to Web > Protection and select the privately signed CA under HTTPS Decryption and Scanning section.
Go to Firewall and edit the rule controlling HTTPS traffic. Enable Decrypt & Scan HTTPS under Malware Scanning section.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.