Applies to Sophos Home for Windows
Why do you need HTTPS Website Decryption?
Secure websites (HTTPS) are encrypted, so Sophos Home can only scan their contents if you allow it to decrypt them. This provides enhanced security when accessing websites.
This feature is turned OFF by default. Before turning it on, you might want to exclude some sites from decryption, since it might let our product record accessed URLs and show them in your computer's NTP log entries.
Configure HTTPS Website Decryption
Turn decryption on or off
- Access your Dashboard
- Navigate to PROTECTION > Web
- Choose the desired options under HTTPS Website Decryption
- Click on the slider to turn it on (blue, right position) or off (grey, left position)
Exclude websites from decryption
- Access your Dashboard
- Navigate to PROTECTION > Web
- Choose the desired options under HTTPS Website Decryption
- Add websites in the bottom box to exclude them
Firefox and decryption
Firefox uses its own certificate store, and this affects decryption of HTTPS websites. It also uses its own DNS servers instead of the Windows DNS servers.
For our decryption to work correctly you need to tell Firefox to trust the Windows certificate store. To do this, do as follows:
- Enter 'about:config' in the address bar and press Enter. A warning page may appear. Click Accept the Risk and Continue to go to the about:config page.
- Set 'security.enterprise_roots.enabled' to True. This tells Firefox to trust the Windows root certificate store.
You also need to tell Firefox to use your Windows DNS servers. This is important for web protection, as it allows us to see the Server Name Indication (SNI) information of an HTTPS session if HTTPS decryption is turned off. For help with this, see Firefox DNS-over-HTTPS.
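To confirm both Firefox settings on every profile without opening about:config in each one, the following added example (not Sophos code) reads the profiles' prefs.js and user.js files. It assumes the standard Windows profile location under %APPDATA% and uses Firefox's `network.trr.mode` preference for DNS-over-HTTPS, which this page does not name.

```python
import os
import re
from pathlib import Path

# Firefox stores each preference as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs_js, user_js=""):
    """Check the two settings; user.js is applied on top of prefs.js at startup."""
    prefs = {**parse_prefs(prefs_js), **parse_prefs(user_js)}
    # Assumption (not from the page): network.trr.mode 2 or 3 means DoH is on,
    # 5 means the user turned it off; anything else leaves Firefox's default.
    trr = prefs.get("network.trr.mode")
    return {
        "trusts_windows_roots": prefs.get("security.enterprise_roots.enabled") is True,
        "doh": "on" if trr in (2, 3) else "off" if trr == 5 else "not set",
    }

def scan_profiles(root):
    """Audit every profile folder under root that contains a prefs.js."""
    results = {}
    for prefs_file in sorted(Path(root).glob("*/prefs.js")):
        user_file = prefs_file.with_name("user.js")
        user_js = user_file.read_text(encoding="utf-8", errors="replace") if user_file.exists() else ""
        prefs_js = prefs_file.read_text(encoding="utf-8", errors="replace")
        results[prefs_file.parent.name] = audit(prefs_js, user_js)
    return results

if __name__ == "__main__":
    # Assumed standard profile location on Windows; prints nothing if none exist.
    root = Path(os.environ.get("APPDATA", "")) / "Mozilla" / "Firefox" / "Profiles"
    for profile, result in scan_profiles(root).items():
        print(profile, result)
```

A profile that reports `trusts_windows_roots: False` has not had the setting explicitly turned on, and `doh: not set` means Firefox's own default applies, so check the DNS-over-HTTPS setting in the browser.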