SSL Website Not Working After Excluding the Server Certificate from Decryption
Created On 02/08/19 00:02 AM - Last Updated 02/08/19 00:03 AM
If the firewall is sending cipher suites that are unsupported by the Server, even after including the certificate in the SSL-Exclude-Certificate settings, then perform the following steps to resolve this issue.
- Inside Objects > URL Category, click Add to create a new custom URL Category - ex ExcludeSSLdescryption, then add the URLs inside this category that you do not want decrypted.
- Inside Policies > Decryption, Create a No-Decrypt rule above the SSL decryption rule which is being used for decrypting the rest of the traffic. Place the newly created URL Category - ExcludeSSLdescryption in the URL Category. This way, the traffic for the URL Category will be excluded from the decryption policy.
- Commit this change for it to take effect.