Cisco Web Security Appliance S670 User Manual

Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 11      Processing HTTPS Traffic
For example, note that a web reputation score drop action overrides any action defined for predefined 
URL categories.
Note
The configured default action only affects the action on the HTTPS request when web reputation 
filtering is not enabled, or when it is enabled and the server has no score assigned and the action for 
servers with no scores is to Monitor.
Bypassing Decryption for Particular Websites
Some HTTPS servers do not work as expected when traffic to them is decrypted by a proxy server, such 
as the Web Proxy. For example, some websites and their associated web applications and applets, such 
as high security banking sites, maintain a hard-coded list of trusted certificates instead of relying on the 
operating system certificate store.
You can bypass decryption for HTTPS traffic to these servers to ensure all users can access these types 
of sites. 
Step 1  Create a custom URL category that contains the affected HTTPS servers by configuring the Advanced properties.
Step 2  Create a Decryption Policy that uses the custom URL category created in Step 1 as part of its membership, and set the action for the custom URL category to Pass Through.
Trusted Root Certificates
The Web Security appliance ships with and maintains a list of trusted root certificates. Web sites with 
trusted certificates do not require decryption. 
You can manage the trusted certificate list, adding certificates to it and functionally removing certificates 
from it. While the Web Security appliance does not delete certificates from the master list, it allows you 
to override trust in a certificate, which functionally removes the certificate from the trusted list. 
Adding Certificates to the Trusted List
Before you begin
  • Verify that the HTTPS Proxy is enabled.
Step 1  Select Security Services > HTTPS Proxy.
Step 2  Click Manage Trusted Root Certificates.
Step 3  Click Import.
Step 4  Click Browse and navigate to the certificate file.
Step 5  Submit and Commit your changes.
Look for the certificate you uploaded in the Custom Trusted Root Certificates list.
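
Before importing a file in Step 3, it is worth confirming on a workstation that it really is the root certificate you intend to trust. The script below is an added example, not part of the Cisco guide: it assumes the `openssl` command-line tool is installed and that the expected SHA-256 fingerprint was obtained out of band, and its function names and generated test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-import checks for a root CA certificate file.
# Function names, file names and certificate subjects are constructed.

# Print the SHA-256 fingerprint of a PEM certificate, upper case, no colons.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
    cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# check_root_cert FILE EXPECTED_FINGERPRINT
# Returns 0 = acceptable, 1 = not a certificate, 2 = fingerprint mismatch,
# 3 = not a CA certificate, 4 = not self-signed or not currently valid.
check_root_cert() {
  cert=$1
  expected=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
  actual=$(cert_fp "$cert")
  [ -n "$actual" ] || { echo "REJECT: not a PEM X.509 certificate"; return 1; }
  [ "$actual" = "$expected" ] ||
    { echo "REJECT: fingerprint differs from the expected value"; return 2; }
  openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
    { echo "REJECT: basicConstraints is not CA:TRUE"; return 3; }
  # A root verifies against itself; this also fails once it has expired.
  openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 ||
    { echo "REJECT: not self-signed or not currently valid"; return 4; }
  echo "OK: $(openssl x509 -in "$cert" -noout -subject)"
}

# make_test_cert PREFIX CN TRUE|FALSE: write a self-signed PREFIX.pem (test data).
make_test_cert() {
  printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ext\n' > "$1.cnf"
  printf '[dn]\nCN=%s\n[ext]\nbasicConstraints=critical,CA:%s\n' "$2" "$3" >> "$1.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  make_test_cert "$d/root" "Constructed Test Root" TRUE
  make_test_cert "$d/leaf" "constructed.example" FALSE
  check_root_cert "$d/root.pem" "$(cert_fp "$d/root.pem")"
  check_root_cert "$d/leaf.pem" "$(cert_fp "$d/leaf.pem")" || echo "  exit $?"
  check_root_cert "$d/root.pem" "$(cert_fp "$d/leaf.pem")" || echo "  exit $?"
  rm -rf "$d"
}
demo
```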