1 of 1 people found this helpful
Out of the box, MWG ships with SSL Inspection rules (disabled by default).
The default rules takes care of everything you mentioned above. MWG can inspect the certificate, the issuing CA, common name mismatches, etc..
In our master list of best practices (McAfee Web Gateway Best Practices and Common Scenarios), there is a number of articles regarding HTTPS considerations.
My colleagues Steve and Darin, did a techtalk about SSL scanner McAfee TechTalk - McAfee Web Gateway SSL Scanning Capabilities it's an older video but still relevant.