Cisco Cisco Web Security Appliance S170 Guía Del Usuario
11-10
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 11 Processing HTTPS Traffic
Managing Certificate Validation and Decryption for HTTPS
Step 8
(Optional) Click Download Certificate so you can transfer it to the client applications on the network.
Step 9
(Optional) Click the Download Certificate Signing Request link. so you can submit the Certificate
Signing Request (CSR) to a certificate authority (CA).
Signing Request (CSR) to a certificate authority (CA).
Step 10
(Optional) Upload the signed certificate to the Web Security appliance after receiving it back from the
CA. You can do this at anytime after generating the certificate on the appliance.
CA. You can do this at anytime after generating the certificate on the appliance.
Step 11
Submit and commit changes.
Related topics
•
Configuring Decryption Options
Before you begin
•
Verify that the HTTPS proxy is enabled as described in
Step 1
Navigate to the Security Services > HTTPS Proxy page.
Step 2
Click Edit Settings.
Step 3
Enable the decryption options.
Configuring Invalid Certificate Handling
Before you begin
•
Verify that the HTTPS proxy is enabled as described in
Step 1
Navigate to the Security Services > HTTPS Proxy page.
Decryption Option
Description
Decrypt for Authentication
For users who have not been authenticated prior to this
HTTPS transaction, allow decryption for authentication.
HTTPS transaction, allow decryption for authentication.
Decrypt for End-User Notification
Allow decryption so that AsyncOS can display the
end-user notification.
end-user notification.
Note
If the certificate is invalid and invalid certificates are set to
drop, when running a policy trace, the first logged action
for the transaction will be “decrypt”.
drop, when running a policy trace, the first logged action
for the transaction will be “decrypt”.
Decrypt for End-User Acknowledgement
For users who have not acknowledged the web proxy prior
to this HTTPS transaction, allow decryption so that
AsyncOS can display the end-user acknowledgement.
to this HTTPS transaction, allow decryption so that
AsyncOS can display the end-user acknowledgement.
Decrypt for Application Detection
Enhances the ability of AsyncOS to detect HTTPS
applications.
applications.