Cisco Cisco Web Security Appliance S670 User Guide
10-11
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 10 Decryption Policies
Digital Certificates
Figure 10-2
Certification Path Example
In
, the certificate for the URL investing.schwab.com was signed by
certificate authority “VeriSign Class 3 Extended Validation SSL CA,” which in
turn was signed by certificate authority VeriSign.
turn was signed by certificate authority VeriSign.
By definition, root certificates are always trusted by applications that follow the
X.509 standard. The Web Security appliance uses the X.509 standard.
X.509 standard. The Web Security appliance uses the X.509 standard.
Standard web browsers ship with a set of trusted root certificates. The list of root
certificates is updated regularly. You can view the root certificates installed on the
web browser.
certificates is updated regularly. You can view the root certificates installed on the
web browser.
For example, to view the root certificates installed with Mozilla Firefox 2.0, go to
Tools > Options > Advanced > Encryption > View Certificates. To view the root
certificates installed with Internet Explorer 7, go to Tools > Internet Options >
Content > Certificates > Trusted Root Certification Authorities.
Tools > Options > Advanced > Encryption > View Certificates. To view the root
certificates installed with Internet Explorer 7, go to Tools > Internet Options >
Content > Certificates > Trusted Root Certification Authorities.
In
, the VeriSign certificate is a root certificate that shipped with the
web browser.