Cisco Web Security Appliance S680 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Appendix A HTTPS Reference
Decrypting HTTPS Traffic
Figure A-2 Certification Path Example
In the certification path example above, the certificate for the URL investing.schwab.com was signed by
certificate authority “VeriSign Class 3 Extended Validation SSL CA,” which in turn was signed by
certificate authority VeriSign.
By definition, root certificates are always trusted by applications that follow the X.509 standard. The
Web Security appliance uses the X.509 standard.
Standard web browsers ship with a set of trusted root certificates. The list of root certificates is updated
regularly. You can view the root certificates installed on the web browser.
For example, to view the root certificates installed with Mozilla Firefox 2.0, go to Tools > Options >
Advanced > Encryption > View Certificates. To view the root certificates installed with Internet Explorer
7, go to Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities.
In the certification path example, the VeriSign certificate is a root certificate that shipped with the web browser.
The Web Security appliance also installs with a set of trusted root certificates. However, you can upload
additional root certificates that the Web Proxy deems to be trusted. For more information about this, see
.
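The certification path and trusted-root behaviour described above, as an added example that is not from the Cisco guide: it uses the OpenSSL command line (not the appliance) to build a constructed root, intermediate and server certificate, then shows that the path is accepted only once the chain's root is in the trust store. All certificate names, file names and the `issue`, `issuer_of` and `path_trusted` helpers are assumptions made for the illustration.

```bash
#!/bin/sh
# Constructed path: root CA -> intermediate CA -> server certificate.
# All names are made up for this example; nothing here comes from the appliance.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SERIAL=0

# issue NAME CN EXTENSION [ISSUER]: create a key and CSR, then sign the CSR.
# With no ISSUER the certificate is self-signed, which is what makes it a root.
issue() {
  SERIAL=$((SERIAL + 1))
  printf '%s\n' "$3" > "$WORK/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null || return 1
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$4.pem" -CAkey "$WORK/$4.key" \
      -set_serial "$SERIAL" -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" \
      -set_serial "$SERIAL" -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
  fi
}

# issuer_of NAME: print the issuer line of a certificate.
issuer_of() { openssl x509 -in "$WORK/$1.pem" -noout -issuer; }

# path_trusted ROOT...: build a trust store holding only the named roots, then
# check whether leaf -> inter chains up to one of them.
path_trusted() {
  : > "$WORK/store.pem"
  for r in "$@"; do cat "$WORK/$r.pem" >> "$WORK/store.pem"; done
  openssl verify -CAfile "$WORK/store.pem" -untrusted "$WORK/inter.pem" \
    "$WORK/leaf.pem" 2>&1 | grep -q ': OK$'
}

CA="basicConstraints=critical,CA:TRUE"
issue root  "Constructed Root CA"         "$CA"                             || exit 1
issue inter "Constructed Intermediate CA" "$CA"                       root  || exit 1
issue leaf  "www.example.test"            "basicConstraints=CA:FALSE" inter || exit 1
issue other "Unrelated Root CA"           "$CA"                             || exit 1

# Walk the path: each certificate's issuer is the subject of the next one up.
for c in leaf inter root; do issuer_of "$c"; done
path_trusted other      || echo "chain's root not in trust store: path rejected"
path_trusted other root && echo "chain's root added to trust store: path accepted"
```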
Decrypting HTTPS Traffic
The request and response data is encrypted for HTTPS connections before it is sent across the network.
Because the data is encrypted, third parties can view the data, but cannot decrypt it to read its contents
without the private key of the HTTPS server.
shows an HTTPS connection between a client and an HTTPS server.