Cisco Expressway Administration Manual
Field: HTTP Strict Transport Security (HSTS)

Description: Determines whether web browsers are instructed to only ever use a secure connection to access this server. Enabling this feature gives added protection against man-in-the-middle (MITM) attacks.
On: the Strict-Transport-Security header is sent with all responses from the web server, with a 1 year expiry time.
Off: the Strict-Transport-Security header is not sent, and browsers work as normal.
Default is On.

Usage tips: See below for more information about HSTS.

Field: Client certificate-based security

Description: Controls the level of security required to allow client systems (typically web browsers) to communicate with the Expressway over HTTPS.
Not required: the client system does not have to present any form of certificate.
Certificate validation: the client system must present a valid certificate that has been signed by a trusted certificate authority (CA). Note that a restart is required if you are changing from Not required to Certificate validation.
Certificate-based authentication: the client system must present a valid certificate that has been signed by a trusted CA and contains the client's authentication credentials.
Default: Not required

Usage tips:
Important: Enabling Certificate validation means that your browser (the client system) can use the Expressway web interface only if it has a valid (in date and not revoked by a CRL) client certificate that is signed by a CA in the Expressway's trusted CA certificate list.
Ensure your browser has a valid client certificate before enabling this feature. The procedure for uploading a certificate to your browser may vary depending on the browser type and you may need to restart your browser for the certificate to take effect.
page, and test
page.
Enabling Certificate-based authentication means that the standard login mechanism is no longer available. You can log in only if your browser certificate is valid and the credentials it provides have the appropriate authorization levels. You can configure how the Expressway extracts credentials from the browser certificate on the
page.
This setting does not affect client verification of the Expressway's server certificate.
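Added example (not part of the Cisco guide): a Python check that captured responses carry a usable Strict-Transport-Security policy matching the HSTS "On" behaviour described above. The 31536000-second value for "1 year", the function names and the sample responses are assumptions made for this illustration.

```python
ONE_YEAR = 365 * 24 * 60 * 60  # assumed encoding of the guide's "1 year expiry"

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()
        if not name:
            continue  # empty directives between semicolons are allowed
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form of a directive value
        if name in directives:
            return None  # each directive may appear only once
        directives[name] = val
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(max_age)
    return directives

def audit(responses, min_age=ONE_YEAR):
    """Return (path, reason) for each response without a usable HSTS policy."""
    findings = []
    for path, headers in responses:
        # Header names are case-insensitive; only the first instance is processed.
        values = [v for k, v in headers if k.lower() == "strict-transport-security"]
        policy = parse_hsts(values[0]) if values else None
        if not values:
            findings.append((path, "header missing"))
        elif policy is None:
            findings.append((path, "header invalid, ignored by browsers"))
        elif policy["max-age"] < min_age:
            findings.append((path, "expiry shorter than one year"))
    return findings

# Constructed sample responses; paths and header values are illustrative only.
SAMPLE = [
    ("/login", [("Strict-Transport-Security", "max-age=31536000")]),
    ("/status", [("strict-transport-security", 'max-age="31536000"; includeSubDomains')]),
    ("/static/app.js", [("Content-Type", "text/javascript")]),
    ("/api", [("Strict-Transport-Security", "max-age=86400")]),
    ("/old", [("Strict-Transport-Security", "includeSubDomains")]),
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(path, reason)
```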
Cisco Expressway Administrator Guide