Cisco Cisco Web Security Appliance S690 User Guide

V A L I D A T I N G   C E R T I F I C A T E   A U T H O R I T I E S

C H A P T E R   1 0 :   D E C R Y P T I O N   P O L I C I E S

 189

Figure 10-2 Certification Path Example

In Figure 10-2, the certificate for the URL investing.schwab.com was signed by certificate 
authority “VeriSign Class 3 Extended Validation SSL CA,” which in turn was signed by 
certificate authority VeriSign. 

By definition, root certificates are always trusted by applications that follow the X.509 
standard. The Web Security appliance uses the X.509 standard.

Standard web browsers ship with a set of trusted root certificates. The list of root certificates is 
updated regularly. You can view the root certificates installed on the web browser. 

For example, to view the root certificates installed with Mozilla Firefox 2.0, go to Tools > 
Options > Advanced > Encryption > View Certificates. To view the root certificates installed 
with Internet Explorer 7, go to Tools > Internet Options > Content > Certificates > Trusted 
Root Certification Authorities.

In Figure 10-2, the VeriSign certificate is a root certificate that shipped with the web browser.

The Web Security appliance also installs with a set of trusted root certificates. However, you 
can upload additional root certificates that the Web Proxy deems to be trusted. For more 
information about this, see “Importing a Trusted Root Certificate” on page 211.