Cisco Cisco Web Security Appliance S170 사용자 가이드

To override the trust for one or more Cisco-recognized certificates:

Check the Override Trust checkbox for each entry you wish to override.

Click Submit.

To download a copy of a particular certificate:

Click the name of the certificate in the Cisco Trusted Root Certificate List to expand that entry.

Click Download Certificate. 

The Updates section lists version and last-updated information for the Cisco trusted-root-certificate and 
blacklist bundles on the appliance. These bundles are updated periodically.

Click Update Now on the Certificate Management page to update all bundles for which updates 
are available.

To view a list of certificates which Cisco has determined to be invalid, and has blocked:

Click View Blocked Certificates.

Certain AsyncOS features require a certificate and key to establish, confirm or secure a connection; for 
example, Identity Services Engine (ISE) and Identity Provider for SaaS. You can either upload an 
existing certificate and key, or you can generate one when you configure the feature.

A certificate you upload to the appliance must meet the following requirements:

It must use the X.509 standard.

It must include a matching private key in PEM format. DER format is not supported.

Select Use Uploaded Certificate and Key.

In the Certificate field, click Browse; locate the file to upload.

The Web Proxy uses the first certificate or key in the file. The certificate file must be in PEM format. 
DER format is not supported.