Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 12 Decryption Policies
Enabling the HTTPS Proxy
Note
This field only appears when the appliance is deployed in transparent mode.
Step 6
In the Applications that Use HTTPS section, choose whether or not to enable decryption for enhanced
application visibility and control.
Enabling this setting allows the Web Proxy to detect applications that use HTTPS with better accuracy.
This setting supersedes the “Pass Through” decision made by the Web Reputation Filters as configured
in the Decryption Policies. However, the URL category decision still applies.
Note
Decryption may cause some applications to fail unless the root certificate for signing is installed
on the client. For more information, see
.
For more information on the appliance root certificate, see
Step 7
Choose which root certificate to use for signing self-signed certificates the appliance sends to clients:
• Uploaded certificate and key. Go to step
• Generated certificate and key. Go to step on page 18.
For more information about how the appliance uses these root certificates, see
.
Note
If the appliance has both an uploaded certificate and key pair and a generated certificate and key
pair, it only uses the certificate and key pair currently selected in the Root Certificate for Signing
section.
Step 8
To upload a root certificate and key:
a. Click Use Uploaded Certificate and Key.
b. Click Browse for the Certificate field to navigate to the certificate file stored on the local machine.
If the file you upload contains multiple certificates or keys, the Web Proxy uses the first certificate
or key in the file.
Note
The certificate file must be in PEM format. DER format is not supported.
c. Click Browse for the Key field to navigate to the private key file. The private key must be
unencrypted.
Note
The key length must be 512, 1024, or 2048 bits. Also, the private key file must be in PEM
format. DER format is not supported.
d. Click Upload Files to transfer the certificate and key files to the Web Security appliance.
The uploaded certificate information is displayed on the Edit HTTPS Proxy Settings page.
Note
After you upload the certificate and key, you can download the certificate to transfer it to the
client applications on the network. Do this using the Download Certificate link in the
uploaded key area.
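As an added example (not from the Cisco guide), a pre-upload check an administrator could run on a workstation against the Step 8 constraints: PEM rather than DER, an unencrypted private key, a key length of 512, 1024, or 2048 bits, and only the first certificate or key in a file being used. It assumes an RSA key in PKCS#1 (`RSA PRIVATE KEY`) form; the function names and sample inputs are constructed for illustration.

```python
import base64
import re

ALLOWED_BITS = {512, 1024, 2048}  # key lengths listed in the guide
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size of PKCS#1 RSAPrivateKey ::= SEQUENCE { version, modulus, ... }."""
    start, _ = _tlv(der, 0)               # outer SEQUENCE
    _, ver_end = _tlv(der, start)         # INTEGER version
    m_start, m_end = _tlv(der, ver_end)   # INTEGER modulus
    return int.from_bytes(der[m_start:m_end], "big").bit_length()

def check_file(name, data, want):
    """Findings for one upload file; want is 'CERTIFICATE' or 'PRIVATE KEY'."""
    blocks = [b for b in PEM_RE.findall(data.decode("latin-1")) if b[0].endswith(want)]
    if not blocks:
        return [f"{name}: no PEM {want} block (DER is not supported)"]
    found = []
    if len(blocks) > 1:
        found.append(f"{name}: {len(blocks)} blocks; only the first is used")
    label, body = blocks[0]
    if want == "PRIVATE KEY":
        if label.startswith("ENCRYPTED") or "Proc-Type:" in body:
            found.append(f"{name}: private key is encrypted")
        elif label != "RSA PRIVATE KEY":  # assumption: only PKCS#1 is measured here
            found.append(f"{name}: '{label}' length not checked (PKCS#1 only)")
        elif (bits := rsa_modulus_bits(base64.b64decode(body))) not in ALLOWED_BITS:
            found.append(f"{name}: {bits}-bit key, need 512, 1024, or 2048")
    return found

def check_upload(cert, key):
    """Return all findings; an empty list means both files pass these checks."""
    return check_file("certificate", cert, "CERTIFICATE") + check_file("key", key, "PRIVATE KEY")

# Constructed sample input: a DER-style blob and an encrypted-key PEM shell.
SAMPLE_DER_CERT = b"\x30\x82\x01\x0a" + bytes(16)
SAMPLE_ENC_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  b"DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
if __name__ == "__main__":
    print("\n".join(check_upload(SAMPLE_DER_CERT, SAMPLE_ENC_KEY)))
```

The check reads only file structure and the modulus length, so the private key never leaves the workstation. Of the lengths the guide accepts, 2048 bits is the only one still considered adequate for an RSA signing key.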