Configuring A Decryption Rule

Procedure

1. Configure the basic rule information:

   Item	Setting
   Rule name	Specify a unique name for the decryption rule.
   Description	(Optional) Meaningful description to easily identify the decryption rule.
   Enable	Click On or Off to enable or disable the decryption rule. If you no longer need a decryption rule, delete it, instead of setting Enable to Off.

2. In the Gateways section, select the gateways that the decryption rule applies to. You can select all gateways, specific ones from the list of gateways configured on the Gateways screen, or roaming users as necessary.
3. In the URL Categories section, select the URL categories that the decryption rule applies to.
   (Optional) Click Add Customized URL Category to specify new URL categories that are not part of the Trend Micro predefined URL categories. For more information, see Configuring A Customized URL Category.
4. In the Certificate section, select a cross-signed certificate or click Reset to use the default CA certificate provided by TMWS as the client certificate for HTTPS connections between client browsers and TMWS.
   For certificate security considerations, TMWS implements separate root CA certificates for the cloud proxy and the on-premises gateway to use or cross-sign. If you are using the cloud proxy and the on-premises gateway, make sure to configure both settings.

   For more information, see Cross-signing the CA Certificate for TMWS Cloud Proxy and Cross-signing the CA Certificate for TMWS On-Premises.

   Important Make sure that the validity period of the certificate is more than two years from when you select and upload the certificate.

   In addition to the cross-signed CA certificate and the default CA certificate, you can also use your company's own CA certificate for HTTPS decryption through the command line. This applies only to TMWS on-premises.

   For more information, see Using Your Company CA Certificate for TMWS On-Premises.
5. Click Save.