Enable Certificate Error Handling
The purpose of enabling and configuring certificate error handling depends on how the responses are managed when a request to access a specified domains detects a certificate error. Umbrella can be configured to either ignore errors from specified domains or block access if an error is detected, see Umbrella's help.
Table of Contents
Prerequisites
Full admin access to the Umbrella dashboard. See Manage User Roles.
Procedure
Note:
You must log into your Umbrella dashboard as an administrator.
Step 1: Enable the Certificate Error Handling button
- Navigate to Policies > Management>Web Policy and click Global Settings.
- Under Global Settings, enable the Certificate Error Handling toggle button.
Note:
Enable with caution as ignored certificate errors may result in security threat.
Step 2: Add a Domain
- Under Certificate Error Handling, type the domain, and click Add.
- Then select Ignore or Block status and click Done.
Note:
By default, all three domain statuses are set to Block either due to expired certificate, mismatch hostname and unrecognized certificate authority.
- The user can select a domain and an action Ignore or Block for each type of certificate validation error. The actions Ignore and Block signify the following:
- Ignore: - If you select this action, the error is disregarded, and the request continues processing as if the error does not exist.
- Block - If you select this action, the request is dropped, and a block page is displayed to the user; this is the default action for all certificate errors.
When multiple errors are present, any certificate validation error should take precedence. If no specific configuration is set for a certificate error group, the default action will be to block.
- To change the domain staus , click Edit .
- Change the status to Ignore and click Done.
Note:
There should be at least one non-blocking action; only then can we save the configuration settings as the default action is blocked.
- Once you have changed the domain status , click Save to save the domain settings.
Add a Web Selective Decryption List < Enable Certificate Error Handling > Manage Schedule Settings for the Web Policy
Updated about 2 months ago