Cisco Cisco Web Security Appliance S190 Guía Del Usuario
I M P O R T I N G A T R U S T E D R O O T C E R T I F I C A T E
C H A P T E R 1 0 : D E C R Y P T I O N P O L I C I E S
211
I M P O R T I N G A TR U S T E D R O O T C E R T I F I C A T E
When the Web Proxy receives a connection request for an HTTPS server, it validates the
trustworthiness of the destination server by verifying the root certificate authority that signed
the server certificate. If the Web Proxy does not recognize the root certificate that signed the
server certificate, then it does not trust the server certificate. This happens when the HTTPS
server uses a certificate authority that is not listed in the set of trusted certificate authorities
that ship with the Web Security appliance. This might happen if your organization uses an
internal certificate authority to sign certificates for servers on the internal network.
trustworthiness of the destination server by verifying the root certificate authority that signed
the server certificate. If the Web Proxy does not recognize the root certificate that signed the
server certificate, then it does not trust the server certificate. This happens when the HTTPS
server uses a certificate authority that is not listed in the set of trusted certificate authorities
that ship with the Web Security appliance. This might happen if your organization uses an
internal certificate authority to sign certificates for servers on the internal network.
To prevent the Web Proxy from potentially blocking access to servers with unrecognized root
certificate authorities, you can upload to the appliance root certificates that your organization
trusts. For example, you might want to upload a root certificate used by the servers on your
network.
certificate authorities, you can upload to the appliance root certificates that your organization
trusts. For example, you might want to upload a root certificate used by the servers on your
network.
You can upload multiple root certificate files to the appliance, and each file you upload can
contain multiple root certificates. However, each certificate you upload must be a root
certificate.
contain multiple root certificates. However, each certificate you upload must be a root
certificate.
To import a trusted root certificate:
1. Navigate to the Security Services > HTTPS Proxy page.
2. In the Custom Root Authority Certificates section, click Import.
3. In the Import Custom Root Authority Certificate File, click Browse.
4. Navigate to the location where the custom root authority certificate file is located and
click Open.
5. Click Submit.
The uploaded root certificate is displayed in the “Custom Root Authority Certificates”
section.
section.
7. Commit your changes.