Cisco Cisco Web Security Appliance S390 ユーザーガイド
22-23
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Certificate Management
•
Appliance Management Web User Interface – Changing this setting will disconnect all active
user connections.
user connections.
•
Proxy Services – Includes HTTPS Proxy and Credential Encryption for Secure Client. This section
also includes:
also includes:
–
Cipher(s) to Use – You can enter additional cipher suites to be used with Proxy Services
communications. Use colons (:) to separate the suites. To prevent use of a particular cipher, add an
exclamation point (!) to the front of that string. For example,
communications. Use colons (:) to separate the suites. To prevent use of a particular cipher, add an
exclamation point (!) to the front of that string. For example,
!EXP-DHE-RSA-DES-CBC-SHA
.
Be sure to enter only suites appropriate to the TLS/SSL versions you have checked.
–
Disable TLS Compression (Recommended) – You can check this box to disable TLS
compression; this is recommended for best security.
compression; this is recommended for best security.
•
Secure LDAP Services – Includes Authentication, External Authentication, SaaS SSO, and
Secure Mobility.
Secure Mobility.
•
Secure ICAP Services (External DLP) – Select the protocol(s) used to secure ICAP
communications between the appliance and external DLP (data loss prevention) servers. See
communications between the appliance and external DLP (data loss prevention) servers. See
for more information.
•
Update Service – Select the protocol(s) used for communications between the appliance and
available update servers. See
available update servers. See
information about update services.
Note
Cisco’s Update servers do not support SSL v3, therefore TLS 1.0 or above must be enabled for
the Cisco Update service. However, SSL v3 can still be used with a local update server, if it is
so configured—you must determine which versions of SSL/TLS are supported on that server.
the Cisco Update service. However, SSL v3 can still be used with a local update server, if it is
so configured—you must determine which versions of SSL/TLS are supported on that server.
Step 4
Click Submit.
Note
You also can use the
sslv3config
CLI command to enable or disable these features. Further, you can
use the
sslconfig
command,
ECDHE
option, to enable or disable ECDHE cipher use for LDAP services.
Certificate Management
The appliance uses digital certificates to establish, confirm and secure a variety of connections. The
Certificate Management page lets you view and update current certificate lists, manage trusted root
certificates, and view blocked certificates.
Certificate Management page lets you view and update current certificate lists, manage trusted root
certificates, and view blocked certificates.
Related Topics
•
•
•
•