NETGEAR STM150 - ProSecure Web And Email Threat Management Appliance Reference Manual page 121

ProSecure Web/Email Security Threat Management (STM) Appliance
If one of these is not satisfied, a security alert message displays in the browser window:
Figure 66.
However, even when a certificate is trusted or still valid, or when the name of a certificate
does match the name of the website, a security alert message still displays when a user who
is connected to the STM visits an HTTPS site. The appearance of this security alert message
is expected behavior because the HTTPS client receives a certificate from the STM instead
of directly from the HTTPS server. If you want to prevent this security alert message from
displaying, install a root certificate on the client PC. The root certificate can be downloaded
from the STM's User Portal Login screen (see Figure 88 on page 156).
If client authentication is required, the STM might not be able to scan the HTTPS traffic
because of the nature of SSL. SSL has two parts—client and server authentication. HTTPS
server authentication occurs with every HTTPS request, but HTTPS client authentication is
not mandatory, and rarely occurs. Therefore it is of less importance whether the HTTPS
request comes from the STM or from the real HTTPS client.
However, certain HTTPS servers do require HTTPS client certificate authentication for every
HTTPS request. Because of the design of SSL, the HTTPS client needs to present its own
certificate in this situation rather than using the one from the STM, preventing the STM from
scanning the HTTPS traffic. For information about certificates, see Managing Digital
Certificates on page 76.
You can specify trusted hosts for which the STM bypasses HTTPS traffic scanning. For more
information, see Specifying Trusted Hosts on page 124.
Chapter 4. Content Filtering and Optimizing Scans | 121