Cisco Cisco Web Security Appliance S170 사용자 가이드
U P L O A D I N G A C E R T I F I C A T E A N D K E Y F O R S E C U R E A U T H E N T I C A T I O N
C H A P T E R 5 : F I P S M A N A G E M E N T
75
On the Edit Key Management Settings page, you can perform the following tasks:
• Upload certificate and key for secure authentication. For more information, see
• Upload certificate and key for the HTTPS Proxy. For more information, see “Uploading
• Backup and restore certificates and keys the HSM card manages. For more information,
Uploading a Certificate and Key for Secure Authentication
When credential encryption is enabled, the appliance uses a digital certificate to securely
establish a connection with the client application. Then, using the secure HTTPS connection,
the clients send the authentication credentials to the Web Proxy for authentication. To
configure the appliance to use credential encryption, enable the Credential Encryption setting
in the global authentication settings. For more information, see “Sending Authentication
Credentials Securely” on page 383.
establish a connection with the client application. Then, using the secure HTTPS connection,
the clients send the authentication credentials to the Web Proxy for authentication. To
configure the appliance to use credential encryption, enable the Credential Encryption setting
in the global authentication settings. For more information, see “Sending Authentication
Credentials Securely” on page 383.
By default, the appliance uses the “IronPort Appliance Demo Certificate” and a
corresponding private key that is stored on the HSM card. However, you can choose to
upload a different certificate that the client applications on the network recognize along with
a private key that is stored on the HSM card. The appliance then uses this certificate and key
pair to establish the HTTPS session with clients.
corresponding private key that is stored on the HSM card. However, you can choose to
upload a different certificate that the client applications on the network recognize along with
a private key that is stored on the HSM card. The appliance then uses this certificate and key
pair to establish the HTTPS session with clients.
To upload a certificate and key to use for securely communicating authentication:
1. Log into the FIPS management console.
2. Click Edit Settings in the Key Management section.
3. View the Secure Authentication Certificate and Key section on the Edit Key Management
Settings page.
Figure 5-6 shows the Secure Authentication Certificate and Key section.
Figure 5-6 Secure Authentication Certificate and Key Section