Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 5 FIPS Management
Managing Certificates and Keys
Note: The key length must be 1024 or 2048 bits. Only RSA keys are supported. Also, the private key
file must be in PEM format. DER format is not supported.
Step 6 Click Upload Files after you select the files you want.
Step 7 Submit your changes.
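The constraints in the note above (RSA only, 1024 or 2048 bits, PEM rather than DER) can be checked on a workstation before the upload. The following is an added example, not part of the Cisco guide: it inspects only the structure of an unencrypted PKCS#1 or PKCS#8 key file, and the names check_private_key and check_key.py are illustrative.

```python
import base64
import re
import sys

ALLOWED_BITS = (1024, 2048)                    # key lengths the note permits
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def _tlv(buf, pos):
    """Read one DER element at pos: return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _rsa_bits(label, der):
    """Modulus bit length of an unencrypted PKCS#1 or PKCS#8 RSA key."""
    if label == "PRIVATE KEY":                 # PKCS#8 wrapper around PKCS#1
        _, seq, _ = _tlv(der, 0)
        _, _version, pos = _tlv(seq, 0)
        _, alg, pos = _tlv(seq, pos)
        if not alg.startswith(b"\x06\x09" + RSA_OID):
            raise ValueError("PKCS#8 key is not RSA")
        _, der, _ = _tlv(seq, pos)             # OCTET STRING holds the PKCS#1 key
    elif label != "RSA PRIVATE KEY":
        raise ValueError(f"unsupported PEM type: {label}")
    _, seq, _ = _tlv(der, 0)
    _, _version, pos = _tlv(seq, 0)
    tag, modulus, _ = _tlv(seq, pos)           # second INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("malformed RSA key")
    return int.from_bytes(modulus, "big").bit_length()

def check_private_key(data: bytes):
    """Return (ok, reason) for the bytes of a candidate private key file."""
    m = re.search(rb"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", data, re.S)
    if not m:
        return False, "not PEM (DER or unknown format)"
    if b"Proc-Type:" in m.group(2):
        return False, "encrypted PEM, contents cannot be inspected"
    try:
        bits = _rsa_bits(m.group(1).decode(), base64.b64decode(m.group(2)))
    except (ValueError, IndexError) as exc:
        return False, str(exc)
    ok = bits in ALLOWED_BITS
    return ok, f"RSA {bits}-bit PEM key" + ("" if ok else ", length not allowed")

if __name__ == "__main__":                     # usage: python3 check_key.py <keyfile>
    with open(sys.argv[1], "rb") as fh:
        print(check_private_key(fh.read()))
```

The check reads the modulus length only; it does not verify that the key is mathematically valid or that it matches the certificate being uploaded with it.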
Uploading and Generating a Certificate and Key for the HTTPS Proxy
To monitor and decrypt HTTPS traffic, you must enable the HTTPS Proxy on the Security Services >
HTTPS Proxy page. When you enable the HTTPS Proxy, you must configure what the appliance uses
for a root certificate when it sends self-signed server certificates to the client applications on the
network. You can upload a root certificate and key that your organization already has, or you can
configure the appliance to generate a certificate and key with information you enter. However, to enable
the HTTPS Proxy on a FIPS-compliant Web Security appliance, you must first use the FIPS management
console to upload or generate a root certificate and key. After the certificate and key pair is uploaded or
generated, then you can enable the HTTPS Proxy.
For more information, see
To upload a certificate and key for the HTTPS Proxy:
Step 1 Log into the FIPS management console.
Step 2 Click Edit Settings in the Key Management section.
Step 3 Scroll down to the HTTPS Proxy Certificate and Key section on the Edit Key Management Settings page.
Figure 5-7 shows the HTTPS Proxy Certificate and Key section.
Figure 5-7 HTTPS Proxy Certificate and Key Section
Step 4 Choose which root certificate to use for signing self-signed certificates the appliance sends to clients:
• Uploaded certificate and key. Go to step
• Generated certificate and key. Go to step on page 10.