
HTTPS Inspection

Today, most browsers and websites encrypt transmitted data and exchange it over HTTPS connections.
HTTPS encrypts sensitive information and personal data, but it also encrypts any threats carried in the same traffic.
The ability to inspect and control this traffic is essential for strengthening organizational security.

How HTTPS Inspection Works

PromoProxy establishes separate SSL tunnels with the user’s browser and the destination server to inspect HTTPS traffic.
In more detail, HTTPS inspection in PromoProxy works as follows:

  1. The user’s browser sends an HTTPS request.
  2. PromoProxy intercepts the request and sends its own HTTPS request to the destination server through a separate SSL tunnel, performing the SSL negotiation.
  3. The destination server sends its certificate and public key to PromoProxy.
  4. PromoProxy and the destination server complete the SSL handshake. Application data and subsequent messages are transmitted through the SSL tunnel.
  5. PromoProxy then performs an SSL negotiation with the user’s browser, sending the PromoProxy intermediate certificate and a server certificate signed by PromoProxy. The browser validates the certificate chain against its certificate store.
  6. PromoProxy and the browser complete the SSL handshake. Application data and subsequent messages are transmitted through the SSL tunnel.

In PromoProxy, HTTPS inspection is always enabled and cannot be disabled through settings.
By performing HTTPS inspection, PromoProxy can detect malware hidden inside encrypted HTTPS traffic.

Info: PromoProxy does not support websites that strictly enforce mutual TLS authentication with the browser.
For websites that require mutual TLS or may break due to inspection, administrators can configure HTTPS inspection exclusions on a per-site basis to avoid issues.
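
To confirm that inspection and per-site exclusions behave as configured, an administrator can compare the issuer of the certificate each site presents to the browser: inspected sites show a leaf signed by the PromoProxy intermediate (step 5), excluded sites show the origin's own issuer. The following is an added example, not PromoProxy code; the CA common name, host names and sample certificates are constructed assumptions.

```python
import socket
import ssl

# Assumption: subject CN of the inspection intermediate CA. The page does not
# state it; use the name shown on the certificate you installed.
INSPECTION_CA_CN = "Example PromoProxy Intermediate CA"


def issuer_attr(cert, attr):
    """Return one issuer attribute from a getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == attr:
                return value
    return None


def classify(cert, inspection_cn=INSPECTION_CA_CN):
    """'inspected' if the leaf was issued by the inspection CA, else 'direct'."""
    cn = issuer_attr(cert, "commonName")
    if cn is None:
        return "unknown"
    return "inspected" if cn == inspection_cn else "direct"


def audit(certs_by_host, excluded_hosts, inspection_cn=INSPECTION_CA_CN):
    """Return (host, expected, actual) for every host that violates policy."""
    findings = []
    for host, cert in sorted(certs_by_host.items()):
        expected = "direct" if host in excluded_hosts else "inspected"
        actual = classify(cert, inspection_cn)
        if actual != expected:
            findings.append((host, expected, actual))
    return findings


def fetch_peer_cert(host, port=443, timeout=5):
    """Live helper: validate against the system trust store, return the leaf."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE = {
    "intranet.example": {"issuer": ((("commonName", INSPECTION_CA_CN),),)},
    "mtls-bank.example": {"issuer": ((("organizationName", "Public CA"),),
                                     (("commonName", "Public CA R3"),))},
    "news.example": {"issuer": ((("commonName", "Public CA R3"),),)},
}
EXCLUDED = {"mtls-bank.example"}
```

Here `audit(SAMPLE, EXCLUDED)` flags `news.example`, which should be inspected but presents a publicly issued certificate, a sign that the client is not going through the proxy. Matching on the common name is a convenience; pinning the intermediate's fingerprint is a stricter check.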

Installing the Intermediate CA Certificate

To use PromoProxy and this feature, you must install the PromoProxy intermediate CA certificate on the user’s device.
For instructions on installing the intermediate CA certificate, please refer to the Quick Start.