Cisco Web Security Appliance S670 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 11      Processing HTTPS Traffic
Managing Certificate Validation and Decryption for HTTPS
Step 8 (Optional) Click Download Certificate so you can transfer it to the client applications on the network.
Step 9 (Optional) Click the Download Certificate Signing Request link so you can submit the Certificate Signing Request (CSR) to a certificate authority (CA).
Step 10 (Optional) Upload the signed certificate to the Web Security appliance after receiving it back from the CA. You can do this at any time after generating the certificate on the appliance.
Step 11 Submit and commit changes.
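Before the upload in Step 10, it is worth confirming that the file the CA returned was issued for the CSR downloaded in Step 9. The script below is an added example, not part of the Cisco guide: it uses the standard openssl command line, and the file names, subject names and throwaway CA are constructed so that it runs on its own; with real files, pass the downloaded CSR and the CA's reply to csr_matches_cert.

```shell
#!/bin/sh
# Check that a CA-signed certificate carries the same public key as the CSR it
# was requested with. The private key never leaves the appliance, so a
# certificate issued for any other key cannot be paired with it.

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
csr_matches_cert() {  # $1 = CSR (PEM), $2 = signed certificate (PEM)
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# Build constructed demo files in directory $1 (none of this is appliance data).
make_demo_files() {
    d=$1
    # Stand-in for the key pair and CSR generated on the appliance.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=wsa-demo.example" \
        -keyout "$d/wsa.key" -out "$d/wsa.csr" 2>/dev/null || return 1
    # Throwaway CA standing in for the real certificate authority.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # The certificate the CA returns for the CSR.
    openssl x509 -req -in "$d/wsa.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/signed.pem" 2>/dev/null || return 1
    # A certificate for an unrelated key, as if the wrong file came back.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=other.example" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null || return 1
}

tmp=$(mktemp -d)
make_demo_files "$tmp"
for crt in signed.pem other.pem; do
    if csr_matches_cert "$tmp/wsa.csr" "$tmp/$crt"; then
        echo "$crt: public key matches the CSR, safe to upload"
    else
        echo "$crt: does not match the CSR (or is unreadable), do not upload"
    fi
done
rm -rf "$tmp"
```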
Related topics
  •
Configuring Decryption Options
Before you begin
  • Verify that the HTTPS proxy is enabled as described in 
Step 1 Navigate to the Security Services > HTTPS Proxy page.
Step 2 Click Edit Settings.
Step 3 Enable the decryption options.
Configuring Invalid Certificate Handling
Before you begin
  • Verify that the HTTPS proxy is enabled as described in 
Step 1 Navigate to the Security Services > HTTPS Proxy page.
| Decryption Option | Description |
|---|---|
| Decrypt for Authentication | For users who have not been authenticated prior to this HTTPS transaction, allow decryption for authentication. |
| Decrypt for End-User Notification | Allow decryption so that AsyncOS can display the end-user notification. Note: If the certificate is invalid and invalid certificates are set to drop, when running a policy trace, the first logged action for the transaction will be “decrypt”. |
| Decrypt for End-User Acknowledgement | For users who have not acknowledged the web proxy prior to this HTTPS transaction, allow decryption so that AsyncOS can display the end-user acknowledgement. |
| Decrypt for Application Detection | Enhances the ability of AsyncOS to detect HTTPS applications. |