Step 1: Go to Admin  HTTPS Inspection  Certificates.

Step 2: Click on Generate a CSR, enter the Identifier which Identifies the certificate in the CWS portal, a description and then click Next

Step 3: After you click Next, a CSR would be automatically generated. You would need to download this CSR and get a cert generated using it.

Please note: the session expires in 30mins and if you do not upload the cert before 30mins, you would have to generate the CSR again.

Go to the MS CA server, go to Request a Certificate  click ‘Submit an advanced certificate request”.

Step 5: Open the CSR file in Notepad, copy paste the contents in the Certificate request box. The Certificate Template to be used has to be the “Subordinate CA”

If you do not see this template, make sure the “Subordinate CA template” is present under the “Certificate templates” of the certificate Authority and proper rights are provided. Please consult your AD admin for more information

Step 6: After getting the CA signed cert, go back to the portal and upload the cert on the portal

We need to make sure the Root CA certificate from the Microsoft CA is installed on the web browsers of all PCs. This can be easily done through Active Directory Group policies. Please consult your AD admin for more information on this process.

Step 7: After the certificate has been upload, go to HTTPS Inspection  Filters and create a Decryption filter.

Please Note: this filter would be to select the web categories for whom the HTTPS traffic shall be decrypted. If you want to block some traffic, that has be done through the Web Filtering policy.

Step 8: Now go to HTTPS Inspection  Policy  Create HTTPS Rule. Type a Name, select the certificate added earlier and apply the filter created.

In the test we have selected Social Network and would be testing through Facebook. Thus only ‘facebook’ traffic would be decrypted and other HTTPS traffic would be Skipped inspection and would go through without Decryption.

Step 9: Now when we browse to facebook and check certificate, it should show the certificate we have created.


Step 10: For testing let’s create a Web Filter to block Facebook. To do this, go to Web Filtering  Management  Filters. Click Create Filter and Select Social Networking.


Step 11: Go to Management  Policy. Click on create Rule, select the Action Block and add the filter created above to block Social Networking sites.