Cisco Cisco Web Security Appliance S170 사용자 가이드

I R O N P O R T A S Y N C O S 6 . 5 F O R W E B U S E R G U I D E

4. To upload a certificate, click Browse for the Certificate field and navigate to the certificate

file on your local machine.

5. To upload a key, click Browse for the Key field and navigate to the key file on your local

machine.

6. Click Upload Files after you select the files you want.

7. Submit your changes.

Uploading and Generating a Certificate and Key for the HTTPS Proxy

To monitor and decrypt HTTPS traffic, you must enable the HTTPS Proxy on the Security
Services > HTTPS Proxy page. When you enable the HTTPS Proxy, you must configure what
the appliance uses for a root certificate when it sends self-signed server certificates to the
client applications on the network. You can upload a root certificate and key that your
organization already has, or you can configure the appliance to generate a certificate and key
with information you enter. However, to enable the HTTPS Proxy on a FIPS-compliant Web
Security appliance, you must first use the FIPS management console to upload or generate a
root certificate and key. After the certificate and key pair is uploaded or generated, then you
can enable the HTTPS Proxy.

For more information, see “Enabling the HTTPS Proxy” on page 217.

To upload a certificate and key for the HTTPS Proxy:

1. Log into the FIPS management console.

2. Click Edit Settings in the Key Management section.

3. Scroll down to the HTTPS Proxy Certificate and Key section on the Edit Key Management

Settings page.

Figure 5-7 shows the HTTPS Proxy Certificate and Key section.

Figure 5-7 HTTPS Proxy Certificate and Key Section

4. Choose which root certificate to use for signing self-signed certificates the appliance sends

to clients:

• Generated certificate and key. Go to step 5 on page 77.