Cisco Cisco Web Security Appliance S380 User Guide
8-3
AsyncOS 9.1 for Cisco Web Security Appliances User Guide
Chapter 8 Integrate the Cisco Identity Services Engine
Tasks for Certifying and Integrating the ISE Service
Related Topics
•
•
•
•
•
Using Self-signed Certificates
When self-signed certificates are used on the ISE server, all three certificates—the ISE pxGrid and
Admin certificates, developed on the ISE server, as well as the WSA Client certificate, developed on the
WSA—must be added to the Trusted Certificates store on the ISE server (Administration > Certificates
> Trusted Certificates > Import).
Admin certificates, developed on the ISE server, as well as the WSA Client certificate, developed on the
WSA—must be added to the Trusted Certificates store on the ISE server (Administration > Certificates
> Trusted Certificates > Import).
Using CA-signed Certificates
In the case of CA-signed certificates:
•
On the ISE server, ensure the appropriate CA root certificate for the WSA Client certificate is
present in the Trusted Certificates store (Administration > Certificates > Trusted Certificates).
present in the Trusted Certificates store (Administration > Certificates > Trusted Certificates).
•
On the WSA, ensure the appropriate CA root certificates are present in the Trusted Certificates list
(Network > Certificate Management > Manage Trusted Root Certificates). On the Identity Services
Engine page (Network > Identity Services Engine), be sure to upload the CA root certificate(s) for
the ISE Admin and pxGrid certificates.
(Network > Certificate Management > Manage Trusted Root Certificates). On the Identity Services
Engine page (Network > Identity Services Engine), be sure to upload the CA root certificate(s) for
the ISE Admin and pxGrid certificates.
Tasks for Certifying and Integrating the ISE Service
Step
Task
Links to Related Topics and Procedures
1a
On the WSA, add a WSA
Client certificate.
Client certificate.
•
Create or upload a CA-signed or self-signed WSA Client certificate
on the WSA.
on the WSA.
See
1b
On the WSA, download this
WSA Client certificate for
upload to the ISE server.
WSA Client certificate for
upload to the ISE server.
•
Download the WSA Client certificate, save it, and then transfer it to
the ISE server.
the ISE server.
See
2
If the WSA Client
Certificate is self-signed,
upload it and its signing
certificate to the ISE server.
Certificate is self-signed,
upload it and its signing
certificate to the ISE server.
•
Import the WSA Client certificate downloaded from the WSA in the
previous step, adding it to the ISE server’s Trusted Certificate store.
(Administration > Certificates > Trusted Certificates > Import.)
previous step, adding it to the ISE server’s Trusted Certificate store.
(Administration > Certificates > Trusted Certificates > Import.)
•
Be sure to also add the appropriate signing certificate for this WSA
Client certificate to the Trusted Certificates store on the ISE server,
as discussed in
Client certificate to the Trusted Certificates store on the ISE server,
as discussed in
.