Cisco Web Security Appliance S160 User Guide

AsyncOS 8.7 for Cisco Web Security Appliances User Guide
 
Chapter 11: Create Decryption Policies to Control HTTPS Traffic
Root Certificates
Step 1: Security Services > HTTPS Proxy.
Step 2: Click Edit Settings.
Step 3: Select Use Generated Certificate and Key.
Step 4: Click Generate New Certificate and Key.
Step 5: In the Generate Certificate and Key dialog box, enter the information to display in the root certificate. You can enter any ASCII character except the forward slash ( / ) in the Common Name field.
Step 6: Click Generate.
Step 7: The generated certificate information is displayed on the Edit HTTPS Proxy Settings page.
Step 8: (Optional) Click Download Certificate so you can transfer it to the client applications on the network.
Step 9: (Optional) Click the Download Certificate Signing Request link so you can submit the Certificate Signing Request (CSR) to a certificate authority (CA).
Step 10: (Optional) Upload the signed certificate to the Web Security appliance after receiving it back from the CA. You can do this at any time after generating the certificate on the appliance.
Step 11: Submit and Commit Changes.
Configuring Invalid Certificate Handling
Before you begin
Verify that the HTTPS proxy is enabled as described in 
Step 1: Security Services > HTTPS Proxy.
Step 2: Click Edit Settings.
Step 3: For each type of certificate error, define the proxy response: Drop, Decrypt, or Monitor.
Certificate Error Type: Description

Expired: The current date falls outside of the range of validity for the certificate.

Mismatched hostname: The hostname in the certificate does not match the hostname the client was trying to access.
Note: The Web Proxy can only perform hostname match when it is deployed in explicit forward mode. When it is deployed in transparent mode, it does not know the hostname of the destination server (it only knows the IP address), so it cannot compare it to the hostname in the server certificate.

Unrecognized root authority/issuer: Either the root authority or an intermediate certificate authority is unrecognized.

Invalid signing certificate: There was a problem with the signing certificate.
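
The following is an added example, not part of the Cisco guide: it models three of the error types above and the transparent-mode note, where the mismatch check is skipped because no requested hostname is known. The certificate fields, the policy values and the function names are constructed assumptions, and the appliance's own matching logic is not shown on this page.

```python
from datetime import datetime, timezone

# Constructed policy: one response per error type, as chosen in Step 3.
POLICY = {
    "Expired": "Drop",
    "Mismatched hostname": "Drop",
    "Unrecognized root authority/issuer": "Monitor",
}

def hostname_matches(pattern, host):
    """Exact match, or a single left-most '*' label (e.g. *.example.test)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def classify(cert, now, trusted_issuers, requested_host=None):
    """Return {error type: configured response} for a server certificate.

    requested_host is None in transparent mode, where only the destination
    IP address is known, so the hostname comparison cannot be performed.
    """
    errors = []
    if not (cert["not_before"] <= now <= cert["not_after"]):
        errors.append("Expired")
    if requested_host is not None and not any(
            hostname_matches(n, requested_host) for n in cert["names"]):
        errors.append("Mismatched hostname")
    if cert["issuer"] not in trusted_issuers:
        errors.append("Unrecognized root authority/issuer")
    return {e: POLICY[e] for e in errors}

# Constructed sample data (not from a real appliance or certificate).
UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)
TRUSTED = {"Example Root CA"}
CERT = {
    "names": ["*.shop.example.test"],
    "issuer": "Unknown Issuing CA",
    "not_before": datetime(2023, 1, 1, tzinfo=UTC),
    "not_after": datetime(2024, 1, 1, tzinfo=UTC),
}

if __name__ == "__main__":
    print("explicit:   ", classify(CERT, NOW, TRUSTED, "www.example.test"))
    print("transparent:", classify(CERT, NOW, TRUSTED))
```

The same certificate yields one error fewer in the transparent-mode call, which is why a hostname-mismatch response configured in Step 3 only takes effect in explicit forward mode.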