WSA HTTPS Decryption


Most websites use HTTPS to encrypt traffic and ensure confidentiality. HTTPS traffic can still carry malicious content such as malware/viruses and other threats. The Cisco WSA supports HTTPS decryption, which allows the appliance to view the contents and inspect the traffic.

When using HTTPS decryption on a WSA, there are two different HTTPS connections: one between the user and the WSA and another between the WSA and the web server. The WSA performs the SSL handshake twice. In the handshake between the user and the WSA, the WSA sends the client its own certificate, spoofing the requested web server certificate.
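A client-side check for the behaviour described above, as an added example that is not from the original post: because the WSA presents its own certificate in place of the server's, a decrypted session shows the requested hostname in the subject but the appliance's signing CA as the issuer. The CA name, hostnames and certificate dicts are constructed assumptions; the dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: tell a decrypted session from a passed-through one by issuer.
# Certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().

def _names(rdn_seq, key):
    """Collect every value of `key` from a getpeercert()-style name tuple."""
    return [v for rdn in rdn_seq for (k, v) in rdn if k == key]

def _host_matches(cert, host):
    """True if host matches a SAN dNSName (exact or single-label wildcard)."""
    host = host.lower()
    sans = [v.lower() for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    # Fall back to the subject CN only when the certificate carries no DNS SANs.
    for pattern in sans or [n.lower() for n in _names(cert.get("subject", ()), "commonName")]:
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def classify(cert, host, proxy_ca_cn):
    """Return 'decrypted', 'passthrough' or 'mismatch' for one leaf certificate."""
    if not _host_matches(cert, host):
        return "mismatch"          # certificate is not for the requested site at all
    issuers = _names(cert.get("issuer", ()), "commonName")
    # Right hostname, but issued by the proxy's CA: the proxy terminated the session.
    return "decrypted" if proxy_ca_cn in issuers else "passthrough"

# Constructed sample data (not captured from a real appliance).
PROXY_CA = "Example Corp WSA Signing CA"   # hypothetical appliance CA name
VIA_PROXY = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Corp"),), (("commonName", PROXY_CA),)),
    "subjectAltName": (("DNS", "www.example.com"),),
}
DIRECT = {
    "subject": ((("commonName", "*.example.org"),),),
    "issuer": ((("commonName", "Public Example CA"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
}

if __name__ == "__main__":
    print(classify(VIA_PROXY, "www.example.com", PROXY_CA))
    print(classify(DIRECT, "shop.example.org", PROXY_CA))
    print(classify(DIRECT, "www.example.com", PROXY_CA))
```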

The diagram below represents the traffic flow between a client and an HTTPS server that goes through the WSA.

