Cisco Cisco Web Security Appliance S660 Guida Utente
22-24
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Certificate Management
Step 1
Choose System Administration > SSL Configuration.
Step 2
Click Edit Settings.
Step 3
Check the corresponding boxes to enable SSL v3 and TLS v1.x for these services:
•
Appliance Management Web User Interface – Changing this setting will disconnect all active
user connections.
user connections.
•
Proxy Services – Includes HTTPS Proxy and Credential Encryption for Secure Client. This section
also includes:
also includes:
–
Cipher(s) to Use – You can enter additional cipher suites to be used with Proxy Services
communications. Use colons (:) to separate the suites. The default cipher is
communications. Use colons (:) to separate the suites. The default cipher is
DEFAULT:+kEDH
;
however, this may change based on your ECDHE cipher selections. Be sure to enter only suites
appropriate to the TLS/SSL versions you have checked. Refer to
appropriate to the TLS/SSL versions you have checked. Refer to
for additional information, and
cipher lists.
To prevent use of a particular cipher, add an exclamation point (!) to the front of that string. For
example,
example,
!EXP-DHE-RSA-DES-CBC-SHA
.
–
Disable TLS Compression (Recommended) – You can check this box to disable TLS
compression; this is recommended for best security.
compression; this is recommended for best security.
•
Secure LDAP Services – Includes Authentication, External Authentication, SaaS SSO, and
Secure Mobility.
Secure Mobility.
•
Secure ICAP Services (External DLP) – Select the protocol(s) used to secure ICAP
communications between the appliance and external DLP (data loss prevention) servers. See
communications between the appliance and external DLP (data loss prevention) servers. See
for more information.
•
Update Service – Select the protocol(s) used for communications between the appliance and
available update servers. See
available update servers. See
information about update services.
Note
Cisco’s Update servers do not support SSL v3, therefore TLS 1.0 or above must be enabled for
the Cisco Update service. However, SSL v3 can still be used with a local update server, if it is
so configured—you must determine which versions of SSL/TLS are supported on that server.
the Cisco Update service. However, SSL v3 can still be used with a local update server, if it is
so configured—you must determine which versions of SSL/TLS are supported on that server.
Step 4
Click Submit.
Certificate Management
The appliance uses digital certificates to establish, confirm and secure a variety of connections. The
Certificate Management page lets you view and update current certificate lists, manage trusted root
certificates, and view blocked certificates.
Certificate Management page lets you view and update current certificate lists, manage trusted root
certificates, and view blocked certificates.
Related Topics
•
•
•