Article ID: 2963834 - View products that this article applies to.
Consider the following scenario:
In this scenario, HTTPS traffic may not be inspected.
This problem may occur if the destination site uses a server certificate that has subject alternative names (SANs). If any of the Domain Name System (DNS) names in the SAN list are not in the inclusion domain name set that is specified for HTTPS inspection, HTTPS traffic will not be inspected.
To resolve this problem, install Rollup 5
(http://support.microsoft.com/kb/2954173/ )for Forefront Threat Management Gateway 2010 Service Pack 2.
To work around this problem, make sure that all the DNS names in the SAN list are included in the domain name set that is used for the inclusion domains. You can inspect these names by viewing the server certificate and then inspecting the Subject Alternative Name field.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology
(http://support.microsoft.com/kb/824684/ )that Microsoft uses to describe software updates.
Article ID: 2963834 - Last Review: June 27, 2014 - Revision: 1.0