Cisco Web Security Appliance S360 User Guide

AsyncOS 10.0 for Cisco Web Security Appliances User Guide, page 11-7

Chapter 11      Create Decryption Policies to Control HTTPS Traffic
Before You Begin
Verify that the HTTPS proxy is enabled as described in 
Step 1
Security Services > HTTPS Proxy.
Step 2
Click Edit Settings.
Step 3
Enable the decryption options.
Authentication and HTTPS Connections
Authentication at the HTTPS connection layer is available for these types of requests:
Root Certificates
The HTTPS proxy uses the root certificates and private key files that you upload to the appliance to 
decrypt traffic. The root certificate and private key files you upload to the appliance must be in PEM 
format; DER format is not supported. 
You can enter root certificate information in the following ways:
Generate. You can enter some basic organization information and then click a button so the 
appliance generates the rest of the certificate and a private key. 
Decryption Option
Description
Decrypt for 
Authentication
For users who have not been authenticated prior to this HTTPS transaction, 
allow decryption for authentication.
Decrypt for End-User 
Notification
Allow decryption so that AsyncOS can display the end-user notification.
Note
If the certificate is invalid and invalid certificates are set to drop, 
when running a policy trace, the first logged action for the transaction 
will be “decrypt”. 
Decrypt for End-User 
Acknowledgement
For users who have not acknowledged the web proxy prior to this HTTPS 
transaction, allow decryption so that AsyncOS can display the end-user 
acknowledgement.
Decrypt for Application 
Detection
Enhances the ability of AsyncOS to detect HTTPS applications. 
Option
Description
Explicit requests
secure client authentication disabled or
secure client authentication enabled and an IP-based surrogate
Transparent 
requests
IP-based surrogate, decryption for authentication enabled or
IP-based surrogate, client previously authenticated using an HTTP request
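The Root Certificates section above states that the root certificate and private key must be uploaded in PEM format and that DER is rejected. The following script is an added example, not Cisco code and not part of this guide: using only the Python standard library, it tells PEM from DER, re-wraps a DER file in PEM armor (64-column base64 lines, as RFC 7468 specifies), and lists anything that would block an upload. The sample bytes are a constructed minimal ASN.1 SEQUENCE standing in for a real certificate, and all function names are my own.

```python
"""Pre-upload check for WSA root certificate / private key files.
Added example (standard library only), not part of the Cisco guide."""
import base64
import binascii
import re

# One PEM block: "-----BEGIN <LABEL>-----", base64 body, "-----END <LABEL>-----"
PEM_RE = re.compile(
    rb"-----BEGIN (?P<label>[A-Z ]+)-----\r?\n(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

# Constructed sample: DER encoding of SEQUENCE { INTEGER 1 }.
# Stands in for a certificate/key; it is NOT a real X.509 object.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"


def detect_format(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown'.

    PEM: BEGIN/END armor around base64 that decodes cleanly.
    DER: raw bytes starting with the ASN.1 SEQUENCE tag (0x30), which every
    X.509 certificate and PKCS#1/PKCS#8 private key starts with.
    """
    m = PEM_RE.search(data)
    if m:
        try:
            base64.b64decode(b"".join(m.group("body").split()), validate=True)
            return "PEM"
        except binascii.Error:
            return "unknown"
    if data[:1] == b"\x30":
        return "DER"
    return "unknown"


def pem_labels(data: bytes) -> list:
    """Armor labels present, e.g. ['CERTIFICATE'] or ['RSA PRIVATE KEY']."""
    return [m.group("label").decode() for m in PEM_RE.finditer(data)]


def der_to_pem(der: bytes, label: str) -> bytes:
    """Wrap DER bytes in PEM armor with 64-column base64 lines."""
    if der[:1] != b"\x30":
        raise ValueError("input does not start with an ASN.1 SEQUENCE; not DER")
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    tag = label.encode()
    return (b"-----BEGIN " + tag + b"-----\n"
            + b"\n".join(lines) + b"\n"
            + b"-----END " + tag + b"-----\n")


def pem_to_der(pem: bytes) -> bytes:
    """Inverse of der_to_pem: strip the armor of the first block and decode."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode(b"".join(m.group("body").split()), validate=True)


def upload_problems(cert_data: bytes, key_data: bytes) -> list:
    """Human-readable reasons the pair would be rejected (empty list = OK)."""
    problems = []
    cert_fmt = detect_format(cert_data)
    if cert_fmt != "PEM":
        problems.append("root certificate is %s, not PEM" % cert_fmt)
    elif "CERTIFICATE" not in pem_labels(cert_data):
        problems.append("root certificate file has no CERTIFICATE block")
    key_fmt = detect_format(key_data)
    if key_fmt != "PEM":
        problems.append("private key is %s, not PEM" % key_fmt)
    elif not any(lbl.endswith("PRIVATE KEY") for lbl in pem_labels(key_data)):
        problems.append("private key file has no PRIVATE KEY block")
    return problems


if __name__ == "__main__":
    # A DER certificate is refused; convert it and the check passes.
    key_pem = der_to_pem(SAMPLE_DER, "RSA PRIVATE KEY")
    print(upload_problems(SAMPLE_DER, key_pem))
    cert_pem = der_to_pem(SAMPLE_DER, "CERTIFICATE")
    print(cert_pem.decode(), upload_problems(cert_pem, key_pem))
```

In practice you would read the two files from disk, run `upload_problems` on their bytes, and only convert with `der_to_pem` when the report says the file is DER; a file reported as "unknown" (for example a PKCS#12 bundle or a PEM whose body is corrupt) needs to be re-exported rather than re-wrapped.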