How do I enable SSL interception for the Symantec Web Security Service (WSS)?
How do I bypass certain sites or categories from SSL interception for the WSS?
After enabling SSL Interception, the service apparently does not intercept some sites.
Enable SSL interception
To enable SSL interception:
Log in to your WSS account (portal.threatpulse.com).
In Service Mode, select Network > SSL.
After you enable SSL interception, your end users might begin receiving SSL warnings in the browser because the CA which signs the intercepted traffic is not automatically trusted by the browsers.
You must manually download the Web Security Service SSL Root Certificate and install it into the browser Trusted Root Certification Authorities. This can normally be pushed out to your browsers through your internal organizations group-policy.
See Install the SSL root certificate below.
Install the SSL root certificate in Internet Explorer and Chrome.
To install the SSL Root Certificate manually
In the WSS portal, navigate to Service -> Network -> SSL Interception.
Under the SSL Root Certificate section, click Download.
In the Start menu, search for and open Internet Options.
In the Internet Options window, click on the Content tab, then click Certificates.
Click on Import.
Click Next on the Import Wizard.
Click Browse and find the CertEmulationCA.crt file that you downloaded earlier. Then click Next.
Click Browse and select Trusted Root Certification Authorities from the list.
Click Next and then Finish.
Click Yes on the security warning that pops up.
By default, the following categories arenot intercepted, as they might contain private/personal information:
To edit these categories, select Pass Through Categories and tick the categories to bypass SSL interception (or clear any categories).
You can also bypass specific domains or IP addresses. Click Pass Through Destinations.