Cisco Web Security Appliance S670 User Guide

AsyncOS 8.8 for Cisco Web Security Appliances User Guide
 
Chapter 11: Create Decryption Policies to Control HTTPS Traffic
Root Certificates
You can choose how to handle the root certificates issued by the Web Security appliance:
• Inform users to accept the root certificate. You can inform the users in your organization what the new policies are at the company and tell them to accept the root certificate supplied by the organization as a trusted source.
• Add the root certificate to client machines. You can add the root certificate to all client machines on the network as a trusted root certificate authority. This way, the client applications automatically accept transactions with the root certificate.
Step 1  Choose Security Services > HTTPS Proxy.
Step 2  Click Edit Settings.
Step 3  Click the Download Certificate link for either the generated or uploaded certificate.
Note: To reduce the possibility of client machines getting a certificate error, submit the changes after you generate or upload the root certificate to the Web Security appliance, then distribute the certificate to client machines, and then commit the changes to the appliance.
Managing Certificate Validation and Decryption for HTTPS
The Web Security appliance validates certificates before inspecting and decrypting content. 
Valid Certificates
Qualities of a valid certificate:
• Not expired. The certificate’s validity period includes the current date.
• Recognized certificate authority. The issuing certificate authority is included in the list of trusted certificate authorities stored on the Web Security appliance.
• Valid signature. The digital signature was properly implemented based on cryptographic standards.
• Consistent naming. The common name matches the hostname specified in the HTTP header.
• Not revoked. The issuing certificate authority has not revoked the certificate.
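The following added example (not Cisco code, and not a description of how AsyncOS implements validation) applies four of the qualities listed above to certificate fields in the dictionary format returned by Python's ssl.SSLSocket.getpeercert(). The function names, the trusted-issuer set keyed by common name, and the sample certificates are assumptions made for illustration. The signature check is omitted because it needs the raw certificate and the issuer's public key, and the name check goes beyond the common name to cover subjectAltName entries and single-label wildcards.

```python
import ssl

def _cn(cert, field):
    """Return the commonName from a getpeercert()-style 'subject' or 'issuer' field."""
    for rdn in cert.get(field, ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def name_matches(pattern, hostname):
    """'*' is honoured only as the entire leftmost label and covers exactly one label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def failed_checks(cert, hostname, trusted_issuers, revoked_serials, now):
    """Return the qualities from the list above that this certificate fails."""
    failures = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        failures.append("outside validity period")
    if _cn(cert, "issuer") not in trusted_issuers:
        failures.append("unrecognized authority")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names = names or [_cn(cert, "subject") or ""]
    if not any(name_matches(n, hostname) for n in names):
        failures.append("name mismatch")
    if cert["serialNumber"] in revoked_serials:
        failures.append("revoked")
    return failures

# Constructed sample data (not taken from any real certificate or appliance).
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")
TRUSTED = {"Example Root CA"}
REVOKED = {"0BAD"}
GOOD = {"subject": ((("commonName", "www.example.test"),),),
        "issuer": ((("commonName", "Example Root CA"),),),
        "notBefore": "Jan 15 00:00:00 2024 GMT", "notAfter": "Jan 15 00:00:00 2025 GMT",
        "serialNumber": "0A01", "subjectAltName": (("DNS", "*.example.test"),)}
BAD = dict(GOOD, issuer=((("commonName", "Unknown CA"),),),
           notAfter="Mar 15 00:00:00 2024 GMT", serialNumber="0BAD")

if __name__ == "__main__":
    print(failed_checks(GOOD, "www.example.test", TRUSTED, REVOKED, NOW))
    print(failed_checks(BAD, "login.other.test", TRUSTED, REVOKED, NOW))
```

Matching the issuer by common name stands in for real chain building; a production validator verifies each signature up to a trusted root.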
Invalid Certificate Handling
The appliance can perform one of the following actions for invalid server certificates:
• Drop.
• Decrypt.
• Monitor.