Cisco Cisco Web Security Appliance S160 Guía Del Usuario
22-24
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Certificate Management
About Certificates and Keys
When a browser prompts its user to authenticate, the browser sends the authentication credentials to
the Web Proxy using a secure HTTPS connection. By default, the Web Security appliance uses the
“Cisco Web Security Appliance Demo Certificate” that comes with it to create an HTTPS connection
with the client. Most browsers will warn users that the certificate is not valid. To prevent users from
seeing the invalid certificate message, you can upload a certificate and key pair that your applications
recognize automatically.
the Web Proxy using a secure HTTPS connection. By default, the Web Security appliance uses the
“Cisco Web Security Appliance Demo Certificate” that comes with it to create an HTTPS connection
with the client. Most browsers will warn users that the certificate is not valid. To prevent users from
seeing the invalid certificate message, you can upload a certificate and key pair that your applications
recognize automatically.
Related Topics
•
•
•
Managing Trusted Root Certificates
The Web Security appliance ships with and maintains a list of trusted root certificates. Web sites with
trusted certificates do not require decryption.
trusted certificates do not require decryption.
You can manage the trusted certificate list, adding certificates to it and functionally removing certificates
from it. While the Web Security appliance does not delete certificates from the master list, it allows you
to override trust in a certificate, which functionally removes the certificate from the trusted list.
from it. While the Web Security appliance does not delete certificates from the master list, it allows you
to override trust in a certificate, which functionally removes the certificate from the trusted list.
To add, override or download a trusted root certificate:
Step 1
Choose Network > Certificate Management.
Step 2
Click Manage Trusted Root Certificates on the Certificate Management page.
Step 3
To add a custom trusted root certificate with a signing authority not on the Cisco-recognized list:
•
Click Import and then browse to, select, and Submit the certificate file.
Step 4
To override the trust for one or more Cisco-recognized certificates:
a.
Check the Override Trust checkbox for each entry you wish to override.
b.
Click Submit.
Step 5
To download a copy of a particular certificate:
a.
Click the name of the certificate in the Cisco Trusted Root Certificate List to expand that entry.
b.
Click Download Certificate.
Certificate Updates
The Updates section lists version and last-updated information for the Cisco trusted-root-certificate and
blacklist bundles on the appliance. These bundles are updated periodically.
blacklist bundles on the appliance. These bundles are updated periodically.
Step 1
Click Update Now on the Certificate Management page to update all bundles for which updates
are available.
are available.