Cisco Web Security Appliance S360 User Guide

AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
 
Chapter 22      Perform System Administration Tasks
  Certificate Management
About Certificates and Keys
When a browser prompts its user to authenticate, the browser sends the authentication credentials to 
the Web Proxy using a secure HTTPS connection. By default, the Web Security appliance uses the 
“Cisco Web Security Appliance Demo Certificate” that comes with it to create an HTTPS connection 
with the client. Most browsers will warn users that the certificate is not valid. To prevent users from 
seeing the invalid certificate message, you can upload a certificate and key pair that your applications 
recognize automatically.
Managing Trusted Root Certificates
The Web Security appliance ships with and maintains a list of trusted root certificates. Web sites with 
trusted certificates do not require decryption. 
You can manage the trusted certificate list, adding certificates to it and functionally removing certificates 
from it. While the Web Security appliance does not delete certificates from the master list, it allows you 
to override trust in a certificate, which functionally removes the certificate from the trusted list. 
To add, override or download a trusted root certificate:
Step 1  Choose Network > Certificate Management.
Step 2  Click Manage Trusted Root Certificates on the Certificate Management page.
Step 3  To add a custom trusted root certificate with a signing authority not on the Cisco-recognized list:
        Click Import and then browse to, select, and Submit the certificate file.
Step 4  To override the trust for one or more Cisco-recognized certificates:
        a. Check the Override Trust checkbox for each entry you wish to override.
        b. Click Submit.
Step 5  To download a copy of a particular certificate:
        a. Click the name of the certificate in the Cisco Trusted Root Certificate List to expand that entry.
        b. Click Download Certificate.
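
A check that can be run on an administrator workstation before the Import in Step 3, so that only a genuine, unexpired root CA certificate is added as a trust anchor. This is an added example, not part of the Cisco guide; it assumes a PEM-encoded file and the openssl command-line tool, and the function name vet_root_cert is hypothetical.

```shell
#!/bin/sh
# Added example: vet a candidate root certificate before importing it as trusted.
# Assumptions: PEM-encoded input, openssl CLI available; vet_root_cert is a hypothetical name.

vet_root_cert() {
    cert="$1"

    # 1. The file must parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: not a PEM X.509 certificate"; return 1; }

    # 2. A root certificate is self-issued: subject and issuer are identical.
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] ||
        { echo "FAIL: issuer differs from subject (intermediate or leaf, not a root)"; return 2; }

    # 3. It must be marked as a certificate authority.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: basicConstraints does not say CA:TRUE"; return 3; }

    # 4. It must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 4; }

    # 5. The signature must verify under the certificate's own public key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: self-signature does not verify"; return 5; }

    # Print identity and SHA-256 fingerprint for comparison with the value
    # the issuing authority publishes through a separate channel.
    echo "OK: $subj"
    openssl x509 -in "$cert" -noout -enddate -fingerprint -sha256
}

# Run directly as: sh vet_root_cert.sh candidate-root.pem
if [ "$#" -gt 0 ]; then
    vet_root_cert "$1"
fi
```

The script confirms only that the file is structurally a valid root; whether to trust it still depends on matching the printed fingerprint against the issuer's published value.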
Certificate Updates
The Updates section lists version and last-updated information for the Cisco trusted-root-certificate and 
blacklist bundles on the appliance. These bundles are updated periodically.