Configure action for unverifiable certificates

Complete this procedure to configure how ETP Proxy handles requests when the proxy cannot verify a website’s origin certificate. In this situation, you can block the request or select the bypass action. For more information, see Unverifiable origin certificates.

How to

  1. In the navigation menu, select Configuration > Policies.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Policies.
  2. If you are adding a new policy:
    1. On the Policies page, click the plus sign icon.
    2. Enter a name and description for the policy in the Name and Description field.
    3. To configure a policy with settings from a predefined template, select one of these templates and click Continue:
      • Strict. Contains settings that block known and most suspected threat categories. Select this template to apply settings that are a best practice for a policy.
      • Monitor-only. Logs and reports threats but it does not block them. This template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.
      • Custom. Lets you define policy actions for known and suspected threats.
    4. To assign a location, click the link icon, select a location or multiple locations, and click Associate.
  3. If you are modifying a policy, click the name of the policy that you want to edit or click the edit icon that appears when you hover over the policy.
  4. Click the Settings tab.
  5. In the Proxy Settings area, toggle Enable Proxy to on.
  6. In the Invalid Certificate Response menu, select one of these actions:
    1. To block the request and show an error page, select Block - Error Page.
    2. To allow the request to bypass ETP Proxy, select Bypass.
  7. Depending on the type of ETP proxy that you want to configure for your enterprise, make sure you review and complete the steps that are outlined in these procedures:
    1. To enable a full web proxy, see Enable full web proxy.
    2. To enable a selective proxy, see Enable selective proxy.
  8. Click Save.

Next steps

Deploy configuration changes. For more information, see Deploy configuration changes