Cisco Web Security Appliance S670 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
Appendix A: HTTPS Reference
Figure A-2: Certification Path Example
In Figure A-2, the certificate for the URL investing.schwab.com was signed by the certificate authority 
“VeriSign Class 3 Extended Validation SSL CA,” which in turn was signed by the certificate authority 
VeriSign.
By definition, root certificates are always trusted by applications that follow the X.509 standard. The 
Web Security appliance uses the X.509 standard.
Standard web browsers ship with a set of trusted root certificates. The list of root certificates is updated 
regularly. You can view the root certificates installed on the web browser.
For example, to view the root certificates installed with Mozilla Firefox 2.0, go to Tools > Options > 
Advanced > Encryption > View Certificates. To view the root certificates installed with Internet Explorer 
7, go to Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities.
In Figure A-2, the VeriSign certificate is a root certificate that shipped with the web browser.
The Web Security appliance also installs with a set of trusted root certificates. However, you can upload 
additional root certificates that the Web Proxy deems to be trusted. For more information about this, see 
.
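The trust rule described above, shown with the openssl command line as an added example that is not part of the Cisco guide: it builds a constructed root, intermediate and server certificate shaped like Figure A-2 and checks the server certificate against a trust store before and after the signing root is added. All names, the "shipped" root and the helper functions are assumptions made for this demonstration, and `openssl verify` stands in for a client's chain validation, not for the appliance's own implementation.

```shell
#!/usr/bin/env bash
# Added example: constructed chain shaped like Figure A-2 (root -> intermediate CA -> server).
# Every name and the "shipped" root are made up; nothing here is a real CA.
set -eu
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
cat > "$d/ca.ext" <<'EOF'
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

new_csr() {   # new_csr <name> <CN>: fresh RSA key plus certificate request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
}
new_root() {  # new_root <name> <CN>: self-signed CA certificate (issuer == subject)
  new_csr "$1" "$2"
  openssl x509 -req -in "$d/$1.csr" -signkey "$d/$1.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/$1.pem" 2>/dev/null
}
issue() {     # issue <name> <CN> <issuer> [extfile]: certificate signed by <issuer>
  new_csr "$1" "$2"
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
    -set_serial 1 -days 30 ${4:+-extfile "$4"} -out "$d/$1.pem" 2>/dev/null
}
chain_ok() {  # chain_ok <trust store> [intermediate]: true if srv.pem chains to a trusted root
  openssl verify -CAfile "$1" ${2:+-untrusted "$2"} "$d/srv.pem" >/dev/null 2>&1
}

new_root shipped "Shipped Root CA (constructed)"   # stands in for the preinstalled set
new_root root    "Example Root CA"
issue    int     "Example Intermediate CA" root "$d/ca.ext"
issue    srv     "www.example.test"        int

cp "$d/shipped.pem" "$d/store.pem"                 # trust store before any upload
chain_ok "$d/store.pem" "$d/int.pem" && echo "before upload: trusted" \
                                     || echo "before upload: NOT trusted"
cat "$d/root.pem" >> "$d/store.pem"                # add the additional root to the store
chain_ok "$d/store.pem" "$d/int.pem" && echo "after upload: trusted" \
                                     || echo "after upload: NOT trusted"
chain_ok "$d/store.pem" && echo "no intermediate: trusted" \
                        || echo "no intermediate: NOT trusted"
```

The last check fails even with the root trusted, because the verifier has no certificate linking the server certificate to that root.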
Decrypting HTTPS Traffic
For HTTPS connections, the request and response data is encrypted before it is sent across the network. 
Because the data is encrypted, third parties can view the data in transit, but cannot decrypt it to read its 
contents without the private key of the HTTPS server.
 shows an HTTPS connection between a client and an HTTPS server.