Руководство Пользователя для Cisco Cisco Web Security Appliance S170
5-24
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 5 Acquire End-User Credentials
Credentials
Credentials
•
•
Credential Format
Credential Encryption for Basic Authentication
About Credential Encryption for Basic Authentication
Enable credential encryption to transmit credentials over HTTPS in encrypted form. This increases
security of the basic authentication process.
security of the basic authentication process.
The Web Security appliance uses its own certificate and private key by default to create an HTTPS
connection with the client for the purposes of secure authentication. Most browsers will warn users,
however, that this certificate is not valid. To prevent users from seeing the invalid certificate message,
you can upload a valid certificate and key pair that your organization uses.
connection with the client for the purposes of secure authentication. Most browsers will warn users,
however, that this certificate is not valid. To prevent users from seeing the invalid certificate message,
you can upload a valid certificate and key pair that your organization uses.
Configuring Credential Encryption
Before You Begin:
•
Configure the appliance to use IP surrogates.
•
(Optional) Obtain a certificate and unencrypted private key. The certificate and key configured here
are also used by Access Control.
are also used by Access Control.
Step 1
Choose Network > Authentication.
Step 2
Click Edit Global Settings.
Step 3
Check the Use Encrypted HTTPS Connection For Authentication check box in the Credential
Encryption field.
Encryption field.
Step 4
(Optional) Edit the default port number (443) in the HTTPS Redirect Port field for client HTTP
connections during authentication.
connections during authentication.
Step 5
(Optional) Upload a certificate and key:
a.
Expand the Advanced section.
b.
Click Browse in the Certificate field and find the certificate file you wish to upload.
c.
Click Browse in the Key field and find the private key file you wish to upload.
Authentication Scheme
Credential Format
NTLMSSP
MyDomain\jsmith
Basic
jsmith
MyDomain\jsmith
Note
If the user does not enter the Windows domain, the Web Proxy
prepends the default Windows domain.
prepends the default Windows domain.