Cisco Web Security Appliance S370 User Guide

AsyncOS 8.1 for Cisco Web Security User Guide
 
Chapter 10      Create Decryption Policies to Control HTTPS Traffic
You can manage the trusted certificate list, adding certificates to it and functionally removing certificates 
from it. While the Web Security appliance does not delete certificates from the master list, it allows you 
to override trust in a certificate, which functionally removes the certificate from the trusted list. 
Adding Certificates to the Trusted List
Before you begin
Verify that the HTTPS Proxy is enabled. See 
Step 1  Select Security Services > HTTPS Proxy.
Step 2  Click Manage Trusted Root Certificates.
Step 3  Click Import.
Step 4  Click Browse and navigate to the certificate file.
Step 5  Submit and Commit Changes.
Look for the certificate you uploaded in the Custom Trusted Root Certificates list.
Removing Certificates from the Trusted List
Step 1  Select Security Services > HTTPS Proxy.
Step 2  Click Manage Trusted Root Certificates.
Step 3  Select the Override Trust checkbox corresponding to the certificate you wish to remove from the list.
Step 4  Submit and Commit Changes.
Routing HTTPS Traffic
The ability of AsyncOS to route HTTPS transactions based on information stored in client headers is 
limited and is different for transparent and explicit HTTPS.
Option: Transparent HTTPS
Description: In the case of transparent HTTPS, AsyncOS does not have access to information in the client headers. Therefore, AsyncOS cannot enforce routing policies that rely on information in client headers.

Option: Explicit HTTPS
Description: In the case of explicit HTTPS, AsyncOS has access to the following information in client headers:
- URL
- Destination port number
Therefore, for explicit HTTPS transactions, it is possible to match a routing policy based on URL or port number.
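
The difference comes from what a client sends first: an explicitly configured client opens with a cleartext CONNECT request naming the host and port, while a transparently redirected client opens directly with a TLS handshake. The Python sketch below is an added example, not AsyncOS code or part of the Cisco guide; the function names, policy names and sample bytes are constructed for illustration, and the suffix-or-port matching rule is an assumption about how such a policy could be evaluated.

```python
# Added illustration, not AsyncOS code: function and policy names are hypothetical.

def split_authority(authority):
    """Split the CONNECT target 'host:port' (IPv6 hosts arrive in brackets)."""
    host, sep, port = authority.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("CONNECT target must be host:port")
    return host.strip("[]").lower(), int(port)

def routing_info(first_bytes):
    """Return the routing fields readable from a client's opening bytes."""
    # A TLS record starts with content type 0x16 (handshake), major version 0x03.
    if first_bytes[:2] == b"\x16\x03":
        # Transparent case: the client opens with a TLS handshake and sends
        # no HTTP request line or headers to the proxy.
        return {"mode": "transparent", "url": None, "port": None}
    line = first_bytes.partition(b"\r\n")[0].decode("ascii", errors="replace")
    parts = line.split(" ")
    if len(parts) == 3 and parts[0] == "CONNECT" and parts[2].startswith("HTTP/"):
        try:
            host, port = split_authority(parts[1])
        except ValueError:
            return {"mode": "malformed", "url": None, "port": None}
        return {"mode": "explicit", "url": host, "port": port}
    return {"mode": "unknown", "url": None, "port": None}

def match_policy(info, policies, default="default-route"):
    """First policy whose URL suffix and/or port matches; explicit mode only."""
    if info["mode"] != "explicit":
        return default  # no client header fields to match on
    for name, rule in policies:
        suffix, port = rule.get("url_suffix"), rule.get("port")
        if suffix and not (info["url"] == suffix or info["url"].endswith("." + suffix)):
            continue
        if port and info["port"] != port:
            continue
        return name
    return default

# Constructed sample data (not taken from the guide).
POLICIES = [("partner-upstream", {"url_suffix": "example.com"}),
            ("alt-port-upstream", {"port": 8443})]
EXPLICIT = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
TRANSPARENT = bytes.fromhex("1603010200010001fc0303")  # start of a TLS ClientHello

if __name__ == "__main__":
    for sample in (EXPLICIT, TRANSPARENT):
        info = routing_info(sample)
        print(info, "->", match_policy(info, POLICIES))
```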