Cisco Cisco Web Security Appliance S690 User Guide
V A L I D A T I N G C E R T I F I C A T E A U T H O R I T I E S
C H A P T E R 1 0 : D E C R Y P T I O N P O L I C I E S
189
Figure 10-2 Certification Path Example
In Figure 10-2, the certificate for the URL investing.schwab.com was signed by certificate
authority “VeriSign Class 3 Extended Validation SSL CA,” which in turn was signed by
certificate authority VeriSign.
authority “VeriSign Class 3 Extended Validation SSL CA,” which in turn was signed by
certificate authority VeriSign.
By definition, root certificates are always trusted by applications that follow the X.509
standard. The Web Security appliance uses the X.509 standard.
standard. The Web Security appliance uses the X.509 standard.
Standard web browsers ship with a set of trusted root certificates. The list of root certificates is
updated regularly. You can view the root certificates installed on the web browser.
updated regularly. You can view the root certificates installed on the web browser.
For example, to view the root certificates installed with Mozilla Firefox 2.0, go to Tools >
Options > Advanced > Encryption > View Certificates. To view the root certificates installed
with Internet Explorer 7, go to Tools > Internet Options > Content > Certificates > Trusted
Root Certification Authorities.
Options > Advanced > Encryption > View Certificates. To view the root certificates installed
with Internet Explorer 7, go to Tools > Internet Options > Content > Certificates > Trusted
Root Certification Authorities.
In Figure 10-2, the VeriSign certificate is a root certificate that shipped with the web browser.
The Web Security appliance also installs with a set of trusted root certificates. However, you
can upload additional root certificates that the Web Proxy deems to be trusted. For more
information about this, see “Importing a Trusted Root Certificate” on page 211.
can upload additional root certificates that the Web Proxy deems to be trusted. For more
information about this, see “Importing a Trusted Root Certificate” on page 211.