Cisco Cisco Web Security Appliance S680 Guía Del Usuario
22-26
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Certificate Management
Step 4
To override the trust for one or more Cisco-recognized certificates:
a.
Check the Override Trust checkbox for each entry you wish to override.
b.
Click Submit.
Step 5
To download a copy of a particular certificate:
a.
Click the name of the certificate in the Cisco Trusted Root Certificate List to expand that entry.
b.
Click Download Certificate.
Certificate Updates
The Updates section lists version and last-updated information for the Cisco trusted-root-certificate and
blacklist bundles on the appliance. These bundles are updated periodically.
blacklist bundles on the appliance. These bundles are updated periodically.
Step 1
Click Update Now on the Certificate Management page to update all bundles for which updates
are available.
are available.
Viewing Blocked Certificates
To view a list of certificates which Cisco has determined to be invalid, and has blocked:
Step 1
Click View Blocked Certificates.
Uploading or Generating a Certificate and Key
Certain AsyncOS features require a certificate and key to establish, confirm or secure a connection; for
example, Identity Services Engine (ISE) and Identity Provider for SaaS. You can either upload an
existing certificate and key, or you can generate one when you configure the feature.
example, Identity Services Engine (ISE) and Identity Provider for SaaS. You can either upload an
existing certificate and key, or you can generate one when you configure the feature.
Uploading a Certificate and Key
A certificate you upload to the appliance must meet the following requirements:
•
It must use the X.509 standard.
•
It must include a matching private key in PEM format. DER format is not supported.
Step 1
Select Use Uploaded Certificate and Key.
Step 2
In the Certificate field, click Browse; locate the file to upload.
Note
The Web Proxy uses the first certificate or key in the file. The certificate file must be in PEM format.
DER format is not supported.
DER format is not supported.