Cisco Cisco Web Security Appliance S690 User Guide
11-5
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 11 Processing HTTPS Traffic
Authentication and HTTPS Connections
Figure 11-2
Certificate Issued by Web Security Appliance
You can choose how to handle the root certificates issued by the Web Security appliance:
•
Inform users to accept the root certificate. You can inform the users in your organization what the
new policies are at the company and tell them to accept the root certificate supplied by the
organization as a trusted source.
new policies are at the company and tell them to accept the root certificate supplied by the
organization as a trusted source.
•
Add the root certificate to client machines. You can add the root certificate to all client machines
on the network as a trusted root certificate authority. This way, the client applications automatically
accept transactions with the root certificate. To verify you distribute the root certificate the appliance
is using, you can download the root certificate from the Security Services > HTTPS Proxy page.
Click Edit Settings, and then click the Download Certificate link for either the generated or
uploaded certificate.
on the network as a trusted root certificate authority. This way, the client applications automatically
accept transactions with the root certificate. To verify you distribute the root certificate the appliance
is using, you can download the root certificate from the Security Services > HTTPS Proxy page.
Click Edit Settings, and then click the Download Certificate link for either the generated or
uploaded certificate.
You might want to download the root certificate from the appliance if a different person uploaded
the root certificate to the appliance and you want to verify you distribute the same root certificate to
the client machines.
the root certificate to the appliance and you want to verify you distribute the same root certificate to
the client machines.
Note
To reduce the possibility of client machines getting a certificate error, submit the changes
after you generate or upload the root certificate to the Web Security appliance, then
distribute the certificate to client machines, and then commit the changes to the appliance.
after you generate or upload the root certificate to the Web Security appliance, then
distribute the certificate to client machines, and then commit the changes to the appliance.
Authentication and HTTPS Connections
Authentication at the HTTPS connection layer is available for these types of requests:
•
explicit requests with
–
secure client authentication disabled or
–
secure client authentication enabled and an IP-based surrogate
Root certificate information either
generated or uploaded in the Web
Security appliance.
generated or uploaded in the Web
Security appliance.
Validity period specified in either
the generated or uploaded root
certificate.
the generated or uploaded root
certificate.
Requested HTTPS server.