Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
 
Chapter 5      FIPS Management
Managing Certificates and Keys
Note: The key length must be 1024 or 2048 bits. Only RSA keys are supported. Also, the private key file must be in PEM format. DER format is not supported.
Step 6: Click Upload Files after you select the files you want.
Step 7: Submit your changes.
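A pre-upload check for the key requirements in the Note above (PEM encoding, RSA only, 1024 or 2048 bits), added here as an example and not taken from the Cisco guide. It assumes an unencrypted key and accepts both the "RSA PRIVATE KEY" (PKCS#1) and "PRIVATE KEY" (PKCS#8) PEM labels; the guide does not say which labels the appliance accepts, and the function names are chosen for this example.

```python
import base64, re, sys
ALLOWED_BITS = (1024, 2048)                      # key lengths the Note permits
RSA_OID = bytes.fromhex("2a864886f70d010101")    # rsaEncryption, 1.2.840.113549.1.1.1
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def modulus_bits(rsa_der):                       # PKCS#1 RSAPrivateKey: version, n, e, ...
    _, seq, _ = tlv(rsa_der)
    _, _, pos = tlv(seq)                         # skip version
    _, n, _ = tlv(seq, pos)                      # modulus INTEGER
    return int.from_bytes(n, "big").bit_length()

def check_private_key(data):
    """Return (ok, reason) for raw key-file bytes. Structural check only:
    it does not verify that the key components are mathematically consistent."""
    m = PEM_RE.search(data)
    if not m:
        return False, "not PEM (DER or other binary input)"
    label, body = m.group(1), m.group(2)
    if b"ENCRYPTED" in label or b"ENCRYPTED" in body:
        return False, "encrypted key, cannot inspect"
    try:
        der = base64.b64decode(body)
        if label == b"PRIVATE KEY":              # PKCS#8 wrapper: check the algorithm OID
            _, seq, _ = tlv(der)
            _, _, pos = tlv(seq)                 # skip version
            _, alg, pos = tlv(seq, pos)          # AlgorithmIdentifier
            if tlv(alg)[1] != RSA_OID:
                return False, "not an RSA key"
            der = tlv(seq, pos)[1]               # OCTET STRING holding RSAPrivateKey
        elif label != b"RSA PRIVATE KEY":
            return False, "not an RSA key"
        bits = modulus_bits(der)
    except (IndexError, ValueError):
        return False, "malformed key data"
    if bits not in ALLOWED_BITS:
        return False, "%d-bit key, need 1024 or 2048" % bits
    return True, "RSA %d-bit PEM key" % bits

if __name__ == "__main__":
    for path in sys.argv[1:]:                    # usage: python check_key.py key.pem
        with open(path, "rb") as f:
            print(path, check_private_key(f.read()))
```

Run it on the machine that holds the key file, before opening the FIPS management console.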
Uploading and Generating a Certificate and Key for the HTTPS Proxy
To monitor and decrypt HTTPS traffic, you must enable the HTTPS Proxy on the Security Services > 
HTTPS Proxy page. When you enable the HTTPS Proxy, you must configure what the appliance uses 
for a root certificate when it sends self-signed server certificates to the client applications on the 
network. You can upload a root certificate and key that your organization already has, or you can 
configure the appliance to generate a certificate and key with information you enter. However, to enable 
the HTTPS Proxy on a FIPS-compliant Web Security appliance, you must first use the FIPS management 
console to upload or generate a root certificate and key. After the certificate and key pair is uploaded or 
generated, then you can enable the HTTPS Proxy.
For more information, see 
To upload a certificate and key for the HTTPS Proxy:
Step 1: Log into the FIPS management console.
Step 2: Click Edit Settings in the Key Management section.
Step 3: Scroll down to the HTTPS Proxy Certificate and Key section on the Edit Key Management Settings page.
 shows the HTTPS Proxy Certificate and Key section.
Figure 5-7: HTTPS Proxy Certificate and Key Section
Step 4: Choose which root certificate to use for signing self-signed certificates the appliance sends to clients:
  • Uploaded certificate and key. Go to step 
  • Generated certificate and key. Go to step 
For more information about how the appliance uses these root certificates, see 
.