Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 5      FIPS Management
Managing Certificates and Keys
  • Upload certificate and key for the HTTPS Proxy. For more information, see .
  • Upload certificate and key for SaaS Access Control. For more information, see .
  • Back up and restore certificates and keys the HSM card manages. For more information, see 
Uploading a Certificate and Key for Secure Authentication
When credential encryption is enabled, the appliance uses a digital certificate to securely establish a 
connection with the client application. Then, using the secure HTTPS connection, the clients send the 
authentication credentials to the Web Proxy for authentication. To configure the appliance to use 
credential encryption, enable the Credential Encryption setting in the global authentication settings. For 
more information, see 
By default, the appliance uses the “Cisco IronPort Web Security Appliance Demo Certificate” and a 
corresponding private key that is stored on the HSM card. However, you can choose to upload a different 
certificate that the client applications on the network recognize along with a private key that is stored on 
the HSM card. The appliance then uses this certificate and key pair to establish the HTTPS session with 
clients.
To upload a certificate and key to use for securely communicating authentication:
Step 1
Log in to the FIPS management console.
Step 2
Click Edit Settings in the Key Management section.
Step 3
View the Secure Authentication Certificate and Key section on the Edit Key Management Settings page.
Figure 5-6 shows the Secure Authentication Certificate and Key section.
Figure 5-6: Secure Authentication Certificate and Key Section
Step 4
To upload a certificate, click Browse for the Certificate field and navigate to the certificate file on your 
local machine. 
If the file you upload contains multiple certificates or keys, the Web Proxy uses the first certificate or 
key in the file.
Note
The certificate file must be in PEM format. DER format is not supported.
Step 5
To upload a key, click Browse for the Key field and navigate to the key file on your local machine. The 
private key must be unencrypted.
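
The file requirements in Steps 4 and 5 (PEM not DER, only the first certificate or key in the file is used, private key unencrypted) can be checked on the local machine before upload. The following is an added example, not Cisco code and not the appliance's own validation; the function names and the sample inputs are constructed for illustration, and the check looks only at PEM structure, not at the certificate contents.

```python
import base64
import re

# PEM encapsulation: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(data: bytes):
    """Return (label, body) for every PEM block, in file order."""
    return [(m.group(1).decode(), m.group(2)) for m in PEM_BLOCK.finditer(data)]

def check_certificate_file(data: bytes) -> str:
    certs = [body for label, body in pem_blocks(data) if label == "CERTIFICATE"]
    if not certs:
        # DER is binary ASN.1 and starts with a SEQUENCE tag (0x30).
        if data[:1] == b"\x30":
            return "reject: DER encoding, convert to PEM before upload"
        return "reject: no PEM CERTIFICATE block found"
    try:
        base64.b64decode(b"".join(certs[0].split()), validate=True)
    except ValueError:
        return "reject: first CERTIFICATE block is not valid base64"
    if len(certs) > 1:
        return f"warn: {len(certs)} certificates, only the first is used"
    return "ok"

def check_key_file(data: bytes) -> str:
    keys = [(l, b) for l, b in pem_blocks(data) if l.endswith("PRIVATE KEY")]
    if not keys:
        return "reject: no PEM private key block found"
    label, body = keys[0]  # as with certificates, the first key is the one used
    # PKCS#8 marks encryption in the label; traditional OpenSSL keys use a header.
    if label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return "reject: private key is encrypted"
    return "ok"

def make_pem(label: str, payload: bytes, headers: str = "") -> bytes:
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n".encode()

# Constructed sample inputs: placeholder payloads, no real certificate or key material.
CHAIN = make_pem("CERTIFICATE", b"leaf placeholder") + make_pem("CERTIFICATE", b"issuer placeholder")
DER_CERT = b"\x30\x82\x01\x0a" + b"\x00" * 16
PKCS8_ENC = make_pem("ENCRYPTED PRIVATE KEY", b"placeholder")
LEGACY_ENC = make_pem("RSA PRIVATE KEY", b"placeholder", "Proc-Type: 4,ENCRYPTED\n\n")
PLAIN_KEY = make_pem("PRIVATE KEY", b"placeholder")

if __name__ == "__main__":
    print([check_certificate_file(d) for d in (CHAIN, DER_CERT)])
    print([check_key_file(d) for d in (PKCS8_ENC, LEGACY_ENC, PLAIN_KEY)])
```

A "warn" result on a chain file means the leaf certificate must be the first block in the file, since that is the one the Web Proxy uses.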