Cisco Cisco Web Security Appliance S170 사용자 가이드

The configured default action only affects the action on the HTTPS request when 
web reputation filtering is not enabled, or when it is enabled and the server has no 
score assigned and the action for servers with no scores is to Monitor.

When the Web Proxy receives a connection request for an HTTPS server, it 
validates the trustworthiness of the destination server by verifying the root 
certificate authority that signed the server certificate. If the Web Proxy does not 
recognize the root certificate that signed the server certificate, then it does not 
trust the server certificate. This happens when the HTTPS server uses a certificate 
authority that is not listed in the set of trusted certificate authorities that ship with 
the Web Security appliance. This might happen if your organization uses an 
internal certificate authority to sign certificates for servers on the internal 
network.

To prevent the Web Proxy from potentially blocking access to servers with 
unrecognized root certificate authorities, you can upload to the appliance root 
certificates that your organization trusts. For example, you might want to upload 
a root certificate used by the servers on your network.

You can upload multiple root certificate files to the appliance, and each file you 
upload can contain multiple root certificates. However, each certificate you 
upload must be a root certificate.

To import a trusted root certificate:

Navigate to the Security Services > HTTPS Proxy page.

In the Custom Root Authority Certificates section, click Import.