Cisco Cisco Web Security Appliance S690 User Guide

If the appliance has both an uploaded certificate and key pair and a generated certificate and key pair, it 
only uses the certificate and key pair currently selected in the Signing Certificate section.

After you choose which certificate and key to use for signing SAML assertions, upload the certificate to 
each SaaS application. 

Make note of the settings when you configure the appliance as an identity provider. Some of these 
settings must be used when configuring the SaaS application for single sign-on. 

Uploaded certificate 
and key

Click Use Uploaded Certificate and Key.

Click Browse for the Certificate field.

The Web Proxy uses the first certificate or key in the file. The certificate 
file must be in PEM format. DER format is not supported.

Click Browse for the Key field. The private key must be unencrypted. 

The key length must be 512, 1024, or 2048 bits. The private key file 
must be in PEM format. DER format is not supported.

Click Upload Files.

Click Download Certificate to transfer the certificate to the SaaS 
applications with which the Web Security appliance will communicate. 

Submit and Commit Changes

Generated certificate 
and key

Click Use Generated Certificate and Key.

Click Generate New Certificate and Key.

In the Generate Certificate and Key dialog box, enter the information to 
display in the signing certificate. 

You can enter any ASCII character except the forward slash ( / ) in the 
Common Name field.

Click Generate. 

Click Download Certificate to transfer the certificate to the SaaS 
applications with which the Web Security appliance will communicate.

(Optional) Click the Download Certificate Signing Request (DCSR) link 
to submit it to a certificate authority (CA). After you receive a signed 
certificate from the CA, click Browse and navigate to the signed certificate 
location. Click Upload File. 

Submit and Commit Changes