Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
 
Chapter 12      Decryption Policies
Decrypting HTTPS Traffic
Figure 12-6      Certificate Issued by Web Security Appliance
You can choose how to handle the root certificates issued by the Web Security appliance:
  • Inform users to accept the root certificate. You can inform the users in your organization what the new policies are at the company and tell them to accept the root certificate supplied by the organization as a trusted source.
  • Add the root certificate to client machines. You can add the root certificate to all client machines on the network as a trusted root certificate authority. This way, the client applications automatically accept transactions with the root certificate. To verify that you are distributing the root certificate the appliance is using, you can download the root certificate from the Security Services > HTTPS Proxy page. Click Edit Settings, and then click the Download Certificate link for either the generated or uploaded certificate.
    You might want to download the root certificate from the appliance if a different person uploaded the root certificate to the appliance and you want to verify that you are distributing the same root certificate to the client machines.
Note: To reduce the possibility of client machines getting a certificate error, submit the changes after you generate or upload the root certificate to the Web Security appliance, then distribute the certificate to client machines, and then commit the changes to the appliance.
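One way to check that the certificate staged for client machines is the one downloaded from the appliance, as an added example that is not part of the Cisco guide: compare SHA-256 fingerprints of the DER encoding, so that a copy re-saved with different line endings still matches while a different root does not. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of the single certificate in data (PEM or DER)."""
    blocks = PEM_RE.findall(data)
    if not blocks:
        # No PEM armor: accept raw DER, which begins with an ASN.1 SEQUENCE tag.
        if not data.startswith(b"\x30"):
            raise ValueError("not a PEM or DER certificate")
        return data
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    # Line breaks inside the armor are transport detail, not certificate content.
    return base64.b64decode(b"".join(blocks[0].split()), validate=True)


def fingerprint(data: bytes) -> str:
    """SHA-256 of the DER encoding as colon-separated hex."""
    digest = hashlib.sha256(cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_root(downloaded: bytes, staged: bytes) -> bool:
    return fingerprint(downloaded) == fingerprint(staged)


def to_pem(der: bytes, newline: bytes = b"\n") -> bytes:
    """Helper for the sample data: wrap DER bytes in PEM armor."""
    b64 = base64.b64encode(der)
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return newline.join([b"-----BEGIN CERTIFICATE-----", *body, b"-----END CERTIFICATE-----", b""])


# Constructed stand-ins for DER certificates (not real X.509; only the bytes matter).
APPLIANCE_DER = b"\x30\x82" + b"constructed appliance root" * 4
OTHER_DER = b"\x30\x82" + b"constructed unrelated root" * 4
DOWNLOADED = to_pem(APPLIANCE_DER)            # downloaded from the appliance
STAGED_CRLF = to_pem(APPLIANCE_DER, b"\r\n")  # same certificate, CRLF line endings
STAGED_WRONG = to_pem(OTHER_DER)              # a different root staged by mistake

if __name__ == "__main__":
    print("file bytes equal:     ", DOWNLOADED == STAGED_CRLF)
    print("same root (CRLF copy):", same_root(DOWNLOADED, STAGED_CRLF))
    print("same root (wrong one):", same_root(DOWNLOADED, STAGED_WRONG))
```

In practice, read the two files in binary mode and pass their contents to `same_root`; a file holding more than one certificate is rejected rather than silently compared on its first entry.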
Using Decryption with the AVC Engine
Depending on how the HTTPS Proxy is configured and the configured Decryption Policies, the HTTPS 
Proxy may decrypt HTTPS connections to web applications. This allows the AVC engine to more 
accurately detect and block web applications that use HTTPS. These web applications may use web 
browsers or other client applications, such as instant messaging applications.
[Figure 12-6 callouts:
  • Root certificate information either generated or uploaded in the Web Security appliance.
  • Validity period specified in either the generated or uploaded root certificate.
  • Requested HTTPS server.]