Cisco Cisco Web Security Appliance S390 Betriebsanweisung

11-11

AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide

Chapter 11 Create Decryption Policies to Control HTTPS Traffic

Routing HTTPS Traffic

Step 5

Submit and Commit Changes.

Look for the certificate you uploaded in the Custom Trusted Root Certificates list.

Removing Certificates from the Trusted List

Step 1

Select Security Services > HTTPS Proxy.

Step 2

Click Manage Trusted Root Certificates.

Step 3

Select the Override Trust checkbox corresponding to the certificate you wish to remove from the list.

Step 4

Submit and Commit Changes.

Routing HTTPS Traffic

The ability of AsyncOS to route HTTPS transactions based on information stored in client headers is
limited and is different for transparent and explicit HTTPS.

Troubleshooting Decryption/HTTPS/Certificates

•

Accessing HTTPS Sites Using Routing Policies with URL Category Criteria, page A-7

•

HTTPS with IP-based Surrogates and Transparent Requests, page A-8

•

Bypassing Decryption for Particular Websites, page A-8

•

Alert: Problem with Security Certificate, page A-8

Option

Description

Transparent
HTTPS

In the case of transparent HTTPS, AsyncOS does not have access to information
in the client headers. Therefore, AsyncOS cannot enforce routing policies that
rely on information in client headers.

Explicit HTTPS

In the case of explicit HTTPS, AsyncOS has access to the following information
in client headers:

•

URL

•

Destination port number

Therefore, for explicit HTTPS transactions, it is possible to match a routing
policy based on URL or port number.