Cisco Web Security Appliance S680 User Guide
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 10 Create Decryption Policies to Control HTTPS Traffic
Step 3  Enable the decryption options.

| Decryption Option | Description |
|---|---|
| Decrypt for Authentication | For users who have not been authenticated prior to this HTTPS transaction, allow decryption for authentication. |
| Decrypt for End-User Notification | Allow decryption so that AsyncOS can display the end-user notification. Note: If the certificate is invalid and invalid certificates are set to drop, when running a policy trace, the first logged action for the transaction will be “decrypt”. |
| Decrypt for End-User Acknowledgement | For users who have not acknowledged the web proxy prior to this HTTPS transaction, allow decryption so that AsyncOS can display the end-user acknowledgement. |
| Decrypt for Application Detection | Enhances the ability of AsyncOS to detect HTTPS applications. |

Authentication and HTTPS Connections
Authentication at the HTTPS connection layer is available for these types of requests:

| Option | Description |
|---|---|
| Explicit requests | secure client authentication disabled; or secure client authentication enabled and an IP-based surrogate |
| Transparent requests | IP-based surrogate, decryption for authentication enabled; or IP-based surrogate, client previously authenticated using an HTTP request |

Certificates
The HTTPS proxy uses the root certificates and private key files that you upload to the appliance to decrypt traffic. The root certificate and private key files you upload to the appliance must be in PEM format; DER format is not supported.
You can enter root certificate information in the following ways:
• Generate. You can enter some basic organization information and then click a button so the appliance generates the rest of the certificate and a private key.
• Upload. You can upload a certificate file and its matching private key file created outside of the appliance.
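
A pre-upload check for the Upload option described under Certificates, added here as an example and not taken from the Cisco guide. It assumes the OpenSSL command-line tool on an administrator workstation (the guide names no tool) and confirms that the certificate and key are PEM, converts a DER certificate, and verifies that the key matches the certificate. The function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload check for a root certificate and private key.
# Assumes the OpenSSL CLI; function and file names are hypothetical.

# Print PEM or DER for a certificate file; fail if it parses as neither.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
       openssl x509 -in "$1" -noout 2>/dev/null; then
        echo PEM
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo DER
    else
        echo UNKNOWN
        return 1
    fi
}

# Re-encode a DER certificate ($1) as PEM ($2).
der_cert_to_pem() {
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Succeed only if the key's public half equals the certificate's public key.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Full check: certificate is PEM, key is PEM, and the two belong together.
ready_for_upload() {
    [ "$(cert_encoding "$1")" = PEM ] ||
        { echo "certificate is not PEM (convert DER first)" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$2" ||
        { echo "private key is not PEM" >&2; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "private key does not match certificate" >&2; return 1; }
    echo "OK: PEM certificate and matching PEM key"
}

# Run the check when called as: sh check.sh root-ca.pem root-ca.key
if [ "$#" -eq 2 ]; then
    ready_for_upload "$1" "$2"
fi
```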