> > the only method I know that works consistently is to block all direct
> web and SSL access and force use of a web proxy, so the SSL is between
> the remote server and the proxy server, which is your security gateway.

The way I've handled this in previous places when the requirement has existed is a company CA cert installed on all corporate devices (Windows with AD makes this very easy) and man-in-the-middle everything. There are no browser security errors then, and the unencrypted data is visible for security inspection. Of course, if doing this, make sure you notify in the AUP for the company that employees have to sign and agree to abide by, etc. etc...
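
Why the installed company CA removes the browser errors mentioned in the reply above, as an added example that is not part of the original message: a leaf re-signed by the inspection CA validates only on a device whose trust store contains that CA. The CA names, the host `inspected.example` and the helper functions are constructed for illustration; it assumes a local `openssl` binary.

```shell
#!/usr/bin/env bash
# Added example. All names (CA names, inspected.example) are constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
HOST=inspected.example

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

make_ca() {   # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_leaf() {  # $1 = signing CA prefix; stands in for the proxy re-signing $HOST
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "/CN=$HOST" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/san.cnf"
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -extfile "$WORK/san.cnf" -out "$WORK/leaf.pem" 2>/dev/null
}

client_trusts() {  # $1 = the only root in this client's trust store
  openssl verify -CAfile "$WORK/$1.pem" -verify_hostname "$HOST" \
    "$WORK/leaf.pem" 2>/dev/null | grep -q ': OK$'
}

make_ca corp   "Example Corp Inspection CA"   # root pushed to managed devices
make_ca public "Stand-in Public Root"         # all an unmanaged device trusts
issue_leaf corp

if client_trusts corp; then echo "managed device: chain validates"; fi
if client_trusts public; then echo "unexpected: validated"
else echo "unmanaged device: untrusted issuer, browser would warn"; fi
```

The same check explains why devices outside AD management (guest laptops, phones, applications with their own trust store or pinned certificates) still show errors behind the proxy.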