SSL/TLS Inspection Configuration

True Protection by Jag can inspect encrypted SSL/TLS traffic to detect threats hidden within HTTPS connections. Since the majority of web traffic is now encrypted, SSL inspection is an important component of comprehensive network security.

How SSL Inspection Works

Local CA Certificate: True Protection generates a local Certificate Authority (CA) certificate that is installed in your system trust store.
Traffic Decryption: When you visit an HTTPS site, True Protection decrypts the traffic using the local CA, inspects it for threats, and then re-encrypts it before passing it to your browser.
Transparent Operation: The process is transparent to the user. Your browser shows a valid certificate issued by the True Protection local CA.
Perfect Forward Secrecy: True Protection supports modern TLS 1.2 and TLS 1.3 with forward secrecy cipher suites.

Configuration

Step 1: Navigate to Network > SSL Inspection.
Step 2: Click Enable SSL Inspection.
Step 3: Accept the prompt to install the local CA certificate.
Step 4: Configure exclusions for domains that should bypass inspection (banking sites are excluded by default).
Step 5: If you use applications that pin certificates (some VPN clients, messaging apps), add them to the bypass list.

Domain Exclusions

Certain domains are excluded from SSL inspection by default to protect privacy and prevent compatibility issues. These include banking and financial institutions, healthcare portals, and government services. You can review and modify the exclusion list under Network > SSL Inspection > Exclusions.