Cisco Cisco Web Security Appliance S170 ユーザーガイド
8-3
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 8 Integrate the Cisco Identity Services Engine
Tasks for Integrating the Identity Services Engine Service
–
The appropriate CA root certificate(s) must be present in the Trusted Certificates list on the
WSA (Network > Certificate Management > Manage Trusted Root Certificates). If not present,
upload the CA root certificate(s) for the Primary pxGrid and Admin certificates, and for the
Secondary pxGrid and Admin certificates to the ISE configuration page.
WSA (Network > Certificate Management > Manage Trusted Root Certificates). If not present,
upload the CA root certificate(s) for the Primary pxGrid and Admin certificates, and for the
Secondary pxGrid and Admin certificates to the ISE configuration page.
Related Topics
•
•
•
Tasks for Integrating the Identity Services Engine Service
Step
Task
Links to Related Topics and Procedures
1
Configure WSA
Client certificate.
Client certificate.
•
Create or upload a CA-signed or self-signed WSA Client certificate
to the WSA. Download the certificate for upload to the ISE server.
See
to the WSA. Download the certificate for upload to the ISE server.
See
, and
.
2
Add WSA Client Certificate
to ISE server.
to ISE server.
•
On the ISE server, import the WSA Client certificate downloaded
from the WSA in the previous step, adding it to the Trusted
Certificate list. (Navigate to Administration > Certificates > Trusted
Certificates > Import.)
from the WSA in the previous step, adding it to the Trusted
Certificate list. (Navigate to Administration > Certificates > Trusted
Certificates > Import.)
3
Configure ISE Admin and
pxGrid certificates on the
ISE server.
pxGrid certificates on the
ISE server.
•
On the ISE server, navigate to Administration > Certificates page.
–
For CA-signed certificates, generate two Certificate Signing
Requests, one each for Admin and pxGrid Usage, and then have
the certificates signed. Verify that the CA root certificate is
present in the ISE server’s Trusted Certificates list.
Requests, one each for Admin and pxGrid Usage, and then have
the certificates signed. Verify that the CA root certificate is
present in the ISE server’s Trusted Certificates list.
Upon receipt of the signed certificates, upload them to the ISE
server, Perform the Bind the CA Signed Certificate operation for
both, and then restart the ISE server.
server, Perform the Bind the CA Signed Certificate operation for
both, and then restart the ISE server.
–
For self-signed certificates, navigate to Administration >
Certificates > System Certificates, and generate one or two Self
Signed Certificates, one each for Admin and pxGrid. (You can
also elect to generate one common certificate for both.)
Certificates > System Certificates, and generate one or two Self
Signed Certificates, one each for Admin and pxGrid. (You can
also elect to generate one common certificate for both.)
Export the self-signed certificate(s) for import on the WSA.
Note
Ensure the appropriate certificates are added to the Trusted
Certificates list, as discussed in
Certificates list, as discussed in