Cisco Cisco Web Security Appliance S170 Guía Del Usuario
10-37
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 10 Decryption Policies
Importing a Trusted Root Certificate
Note
The configured default action only affects the action on the HTTPS request when
web reputation filtering is not enabled, or when it is enabled and the server has no
score assigned and the action for servers with no scores is to Monitor.
web reputation filtering is not enabled, or when it is enabled and the server has no
score assigned and the action for servers with no scores is to Monitor.
Importing a Trusted Root Certificate
When the Web Proxy receives a connection request for an HTTPS server, it
validates the trustworthiness of the destination server by verifying the root
certificate authority that signed the server certificate. If the Web Proxy does not
recognize the root certificate that signed the server certificate, then it does not
trust the server certificate. This happens when the HTTPS server uses a certificate
authority that is not listed in the set of trusted certificate authorities that ship with
the Web Security appliance. This might happen if your organization uses an
internal certificate authority to sign certificates for servers on the internal
network.
validates the trustworthiness of the destination server by verifying the root
certificate authority that signed the server certificate. If the Web Proxy does not
recognize the root certificate that signed the server certificate, then it does not
trust the server certificate. This happens when the HTTPS server uses a certificate
authority that is not listed in the set of trusted certificate authorities that ship with
the Web Security appliance. This might happen if your organization uses an
internal certificate authority to sign certificates for servers on the internal
network.
To prevent the Web Proxy from potentially blocking access to servers with
unrecognized root certificate authorities, you can upload to the appliance root
certificates that your organization trusts. For example, you might want to upload
a root certificate used by the servers on your network.
unrecognized root certificate authorities, you can upload to the appliance root
certificates that your organization trusts. For example, you might want to upload
a root certificate used by the servers on your network.
You can upload multiple root certificate files to the appliance, and each file you
upload can contain multiple root certificates. However, each certificate you
upload must be a root certificate.
upload can contain multiple root certificates. However, each certificate you
upload must be a root certificate.
To import a trusted root certificate:
Step 1
Navigate to the Security Services > HTTPS Proxy page.
Step 2
In the Custom Root Authority Certificates section, click Import.