Find sites that have expired certificates so you can
make informed decisions about allowed traffic.
If you follow
Decryption best practices and
Block
sessions with expired certificates in the
Forward Proxy Decryption
profile or in the
No Decryption profile,
then if a server presents an expired certificate, the firewall blocks
the session. However, if site that you need to access for business
reasons allows its certificate to expire, connections to that site
may be blocked and you may not know why.
You can use the
Decryption log to check for expired certificates and to check for
certificates that will expire soon so you can be aware of the situation
and take appropriate action.