Cisco Web Security Appliance S690
Release Notes for AsyncOS 8.5.x for Cisco Web Security Appliances
New Features
New Features in Release 8.5.1
Release 8.5.1-021 (GD)
This release includes a specific bug fix; see the “Fixed issues” search in
for details.
Release 8.5.1-019 (MR)
This is a maintenance release; no new features were added.
Updater certificate verification
Two new certificate-related subcommands were added to the CLI command updateconfig to let you manage the certificates used by the update client to verify the issuer of the server certificate.
The update client validates the update server certificate before downloading updates. If certificate validation fails, the update is aborted and alert notifications are sent at regular intervals with the reason for the failure. By default, alerts are generated at five minutes, 15 minutes, 35 minutes, and finally at a repeating 60-minute interval (present behavior). When the server certificate is finally validated, the update process continues.
If the update server points to update-manifests.ironport.com or update-manifests.sco.cisco.com and that server’s root signing certificate is not flagged as “not trusted,” the updates/upgrades process will operate without any issues. For other update servers, you must explicitly upload the appropriate certificate for update/upgrade purposes.
The new updateconfig subcommands are:
• validate_certificates
  Lets you turn off or on update server certificate validation (enter yes or no); it is on by default.
• trusted_certificates
  Available options are:
  – list – Display a list of current trusted certificates used for updates.
  – add – Upload new trusted certificates for updates. Provide the certificate text (PEM format) and then enter a . (dot, full stop, period) to indicate the end of the certificate. Repeat this process to add another certificate. To exit certificate-upload mode, press the Enter key.
  – delete – Delete a current update certificate, as identified by its name or number in the list output.
Note: UPDATER.UPDATERD.SERVER_CERT_ERROR is a new updater log entry that will be recorded upon a server certificate-validation failure.
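A pre-upload check for the trusted_certificates add step described above, as an added example that is not part of the release notes or of AsyncOS: it splits a PEM bundle into single certificates, rejects any non-certificate block such as a private key, and prints a SHA-256 fingerprint for each certificate so it can be compared with a value obtained out of band before it is trusted. The function names, the sample bundle and the layout of the paste text (a "." on its own line after each certificate) are assumptions.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def split_bundle(text):
    """Return [(sha256_hex, pem_text)] for each distinct CERTIFICATE block in text."""
    certs, seen = [], set()
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            # A key or CSR in the bundle means the wrong file is about to be pasted.
            raise ValueError(f"bundle contains a {label} block, expected only CERTIFICATE")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):
            raise ValueError("decoded block does not start with a DER SEQUENCE tag")
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint in seen:
            continue  # same certificate listed twice in the bundle
        seen.add(fingerprint)
        b64 = base64.b64encode(der).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])
        certs.append((fingerprint, pem))
    if not certs:
        raise ValueError("no CERTIFICATE blocks found")
    return certs

def paste_text(certs):
    """Assumed paste layout: each certificate, then a '.' on its own line."""
    return "".join(f"{pem}\n.\n" for _, pem in certs)

def demo_pem(label, der):
    """Constructed placeholder block; the DER here is not a real certificate."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample: two distinct placeholder certificates, the first one repeated.
SAMPLE_BUNDLE = (demo_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01") * 2
                 + demo_pem("CERTIFICATE", b"\x30\x03\x02\x01\x02"))

if __name__ == "__main__":
    for fp, _ in split_bundle(SAMPLE_BUNDLE):
        print("SHA-256", fp)  # compare with the value supplied by the server's owner
    print(paste_text(split_bundle(SAMPLE_BUNDLE)), end="")
```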
Feature Description