Cisco Cisco Web Security Appliance S690 User Guide
Chapter 10 Decryption Policies
Decrypting HTTPS Traffic
10-20
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Step 1
Create a custom URL category in the first position of custom URL categories and
enter the following addresses:
enter the following addresses:
•
aimpro.premiumservices.aol.com
•
bos.oscar.aol.com
•
kdc.uas.aol.com
•
buddyart-d03c-sr1.blue.aol.com
•
205.188.8.207
•
205.188.248.133
•
205.188.13.36
•
64.12.29.131
Step 2
part of the policy group membership. Depending on the other Decryption Policies
configured, you might want to place this Decryption Policy at the top of the list.
configured, you might want to place this Decryption Policy at the top of the list.
Step 3
Configure the Decryption Policy to pass through all traffic to the custom URL
category.
category.
Step 4
Choose pass through as the default action for the Decryption Policy.
Step 5
Submit and commit your changes.
Converting Certificate and Key Formats
The root certificate and private key files you upload to the appliance must be in
PEM format. DER format is not supported. However, you can convert certificates
and keys in DER format into the PEM format before uploading them. For
example, you can use OpenSSL to convert the format.
PEM format. DER format is not supported. However, you can convert certificates
and keys in DER format into the PEM format before uploading them. For
example, you can use OpenSSL to convert the format.
Use the following OpenSSL command to convert a DER formatted certificate file
to a PEM formatted certificate file:
to a PEM formatted certificate file:
openssl x509 -inform DER -in
cert_in_DER
-outform PEM -out
out_file_name
You can also convert key files in DER format into the PEM format by running a
similar OpenSSL command.
similar OpenSSL command.
For RSA keys, use the following command: