Cisco Cisco Web Security Appliance S170 사용자 가이드

C O N V E R T I N G C E R T I F I C A T E A N D K E Y F O R M A T S

C H A P T E R 1 1 : D E C R Y P T I O N P O L I C I E S

215

Figure 11-6 Certificate Issued by Web Security Appliance

You can choose how to handle the root certificates issued by the Web Security appliance:

• Inform users to accept the root certificate. You can inform the users in your organization

what the new policies are at the company and tell them to accept the root certificate
supplied by the organization as a trusted source.

• Add the root certificate to client machines. You can add the root certificate to all client

machines on the network as a trusted root certificate authority. This way, the client
applications automatically accept transactions with the root certificate. To verify you
distribute the root certificate the appliance is using, you can download the root certificate
from the Security Services > HTTPS Proxy page. Click Edit Settings, and then click the
Download Certificate link for either the generated or uploaded certificate.

You might want to download the root certificate from the appliance if a different person
uploaded the root certificate to the appliance and you want to verify you distribute the
same root certificate to the client machines.

Converting Certificate and Key Formats

The root certificate file and its matching key file you upload to the appliance must be in PEM
format. DER format is not supported. However, you can convert certificates and keys in DER
format into the PEM format before uploading them. For example, you can use OpenSSL to
convert the format.

Root certificate
information either
generated or uploaded in
the Web Security
appliance.

Validity period specified
in either the generated or
uploaded root certificate.

Requested HTTPS server.