Cisco Cisco Web Security Appliance S380 User Guide
22-25
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Certificate Management
Viewing Blocked Certificates
To view a list of certificates which Cisco has determined to be invalid, and has blocked:
Step 1
Click View Blocked Certificates.
Uploading or Generating a Certificate and Key
Certain AsyncOS features require a certificate and key to establish, confirm or secure a connection; for
example, Identity Services Engine (ISE) and Identity Provider for SaaS. You can either upload an
existing certificate and key, or you can generate one when you configure the feature.
example, Identity Services Engine (ISE) and Identity Provider for SaaS. You can either upload an
existing certificate and key, or you can generate one when you configure the feature.
Uploading a Certificate and Key
A certificate you upload to the appliance must meet the following requirements:
•
It must use the X.509 standard.
•
It must include a matching private key in PEM format. DER format is not supported.
Step 1
Select Use Uploaded Certificate and Key.
Step 2
In the Certificate field, click Browse; locate the file to upload.
Note
The Web Proxy uses the first certificate or key in the file. The certificate file must be in PEM format.
DER format is not supported.
DER format is not supported.
Step 3
In the Key field, click Browse; locate the file to upload.
Note
The key length must be 512, 1024, or 2048 bits. The private key file must be in PEM format. DER format
is not supported.
is not supported.
Step 4
If the key is encrypted, select Key is Encrypted.
Step 5
Click Upload Files.
Generating a Certificate and Key
Step 1
Select Use Generated Certificate and Key.
Step 2
Click Generate New Certificate and Key.
a.
In the Generate Certificate and Key dialog box, enter the necessary generation information.
Note
You can enter any ASCII character except the forward slash ( / ) in the Common Name field.