Using Forefront TMG, you can inspect outbound HTTPS traffic in order to protect your organization from security risks inherent to Secure Sockets Layer (SSL) tunnels, such as:
- Viruses and other malicious content that could infiltrate the organization undetected.
- Users who bypass the organization’s access policy by using tunneling applications over a secure channel (for example, peer-to-peer applications).
For general information about HTTPS inspection, including information regarding the certificates necessary for implementation, see Planning for HTTPS inspection.
The following topics describe how to configure and deploy HTTPS inspection.
- Enabling HTTPS inspection—Describes how to enable and configure HTTPS inspection.
- Generating the HTTPS inspection certificate—Describes how to generate the HTTPS inspection certificate or import an existing certification authority (CA) certificate to Forefront TMG.
- Deploying the HTTPS inspection trusted root CA certificate to client computers—Describes how to deploy the HTTPS inspection trusted root CA certificate to client computers, either via Active Directory or via manual import.
- Configuring the certificate validation policy—Describes how to review the default certificate validation policy and adjust it if necessary.
- Excluding sources and destinations from HTTPS inspection—Describes how to exclude sites from HTTPS inspection policy.
- Notifying users that HTTPS traffic is being inspected—Describes how to configure client notification that HTTPS traffic is being inspected.