Cisco Web Security Appliance S360 User Guide

AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
 
Chapter 22      Perform System Administration Tasks
  Certificate Management
Step 3: In the Key field, click Browse; locate the file to upload.
Note: The key length must be 512, 1024, or 2048 bits. The private key file must be in PEM format. DER format is not supported.
Step 4: If the key is encrypted, select Key is Encrypted.
Step 5: Click Upload Files.
Generating a Certificate and Key
Step 1: Select Use Generated Certificate and Key.
Step 2: Click Generate New Certificate and Key.
  a. In the Generate Certificate and Key dialog box, enter the necessary generation information.
  Note: You can enter any ASCII character except the forward slash ( / ) in the Common Name field.
  b. Click Generate in the Generate Certificate and Key dialog box. When generation is complete, the certificate information is displayed in the Certificate section, along with two links: Download Certificate and Download Certificate Signing Request. In addition, there is a Signed Certificate option that is used to upload the signed certificate when you receive it from the Certificate Authority (CA).
Step 3: Click Download Certificate to download the new certificate for upload to the appliance.
Step 4: Click Download Certificate Signing Request to download the new certificate file for transmission to a Certificate Authority (CA) for signing. See for more information about this process.
  a. When the CA returns the signed certificate, click Browse in the Signed Certificate portion of the Certificate field to locate the signed-certificate file, and then click Upload File to upload it to the appliance.
  b. Ensure the CA’s root certificate is present in the appliance’s list of trusted root certificates. If it is not, add it. See for more information.
Certificate Signing Requests
The Web Security appliance cannot generate Certificate Signing Requests (CSR) for certificates 
uploaded to the appliance. Therefore, to have a certificate created for the appliance, you must issue the 
signing request from another system. Save the PEM-formatted key from this system because you will 
need to install it on the appliance later.
You can use any UNIX machine with a recent version of OpenSSL installed. Be sure to put the appliance 
hostname in the CSR. Use the guidelines at the following location for information on generating a CSR 
using OpenSSL: 
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
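
The off-appliance CSR procedure described above, as an added example that is not part of the Cisco guide: it generates a PEM key and a CSR carrying the appliance hostname, then checks the pair before the CSR is sent to the CA. The hostname wsa.example.com, the function names make_csr and check_pair, and the <host>.key / <host>.csr file names are assumptions.

```shell
#!/bin/sh
# Added example: build the key and CSR on a separate UNIX host with OpenSSL.
# wsa.example.com and the <host>.key / <host>.csr file names are placeholders.

make_csr() {
    host=$1 dir=$2
    # The guide excludes "/" from the Common Name field, and "/" is also the
    # field separator in -subj, so refuse it here.
    case $host in
        */*) echo "hostname must not contain '/'" >&2; return 1 ;;
    esac
    # 2048 bits is the largest key length the guide lists; the key is written
    # as unencrypted PEM with owner-only permissions.
    (umask 077; openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null) || return 1
    # Put the appliance hostname in the CSR subject.
    openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
        -out "$dir/$host.csr" || return 1
}

check_pair() {
    host=$1 dir=$2
    key="$dir/$host.key" csr="$dir/$host.csr"
    # PEM files start with a "-----BEGIN" line; DER is binary and not supported.
    head -n 1 "$key" | grep -q '^-----BEGIN' ||
        { echo "key is not PEM" >&2; return 1; }
    openssl rsa -in "$key" -noout -text 2>/dev/null | grep -q '(2048 bit' ||
        { echo "key is not 2048-bit RSA" >&2; return 1; }
    # The CSR subject must carry the appliance hostname.
    cn=$(openssl req -in "$csr" -noout -subject | sed 's/ //g; s/.*CN=//')
    [ "$cn" = "$host" ] ||
        { echo "CSR CN '$cn' is not '$host'" >&2; return 1; }
    # The saved key must be the one the CSR was made from, or the signed
    # certificate will not pair with it at upload time.
    [ "$(openssl pkey -in "$key" -pubout)" = \
      "$(openssl req -in "$csr" -noout -pubkey)" ] ||
        { echo "key does not match CSR" >&2; return 1; }
}

# Usage: sh make_csr.sh wsa.example.com /secure/dir
if [ "$#" -eq 2 ]; then
    make_csr "$1" "$2" && check_pair "$1" "$2" && echo "OK: $2/$1.csr"
fi
```

Keep the .key file from this run; it is the PEM key to upload alongside the signed certificate the CA returns.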