- Go to Security Profiles > SSL/SSH Inspection and create a new profile.
- Add the certificate to your web browser's list of trusted certificates. End users will likely see certificate warnings unless the certificate is installed in their browser.
- Next go to Policy & Objects > IPv4 Policy and edit the policy that allows Internet access.
Enter a Name, select the certificate from the CA Certificate drop-down menu, and make sure Inspection Method is set to Full SSL Inspection.
Under Security Profiles, enable SSL/SSH Inspection and select the custom profile created earlier.
Enable Application Control and set it to default.