cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3562
Views
0
Helpful
6
Replies
Highlighted
Beginner

SSL Certificate for S170 HTTPS Proxy Settings

Hi,

I have a quick question around the SSL certificate for 2x S170 devices I am installing.

Can I purchase 1 certificate and use it on both devices or are 2 seperate certificates required.

Both of the Proxy servers go through a firewall and are not NAT'd.

Are there any specifics required for the certificate?           

6 REPLIES 6
Collaborator

SSL Certificate for S170 HTTPS Proxy Settings

Technically, you can use the same cert on both WSA's.

Whether you can use the same cert on multiple machines is more a function of the license from the cert provider... some state that you have to purchase the right to use it in more than one place...

It has to be a signing cert, as what the WSA is doing is issuing a new cert that "mimics" the one on the webserver your user is access. 

Cisco Employee

Re: SSL Certificate for S170 HTTPS Proxy Settings

Do not purchase any certificates as you will likely receive a Server Certificate (not a Root Certificate).

If a trusted CA were to provide you with a Root signed by Verisign for example, you can in turn compete with their business and start signing/selling Server Certificates.  There is no way that they can control what you would sign.  You can start signing fradulent certificates and there is nothing that they can do to stop you other than revoking it which browsers do not check by default.

I have yet to see anybody get a Root signed by a trusted CA.  If anybody has obtained one, please do let me know.

The only known ways to obtain a Root for the HTTPS proxy is to either:

a) generate one

b) extract it/generate it from an internal trusted CA.

-Vance

Beginner

SSL Certificate for S170 HTTPS Proxy Settings

The trick was to create a sub-CA from our internal Cert Server.

Couldn't find any specific documentation on doing this on a WSA. There is however documentation online for competitors.

Beginner

SSL Certificate for S170 HTTPS Proxy Settings

We currently use self signed as we do not have an in house CA. I followed the guide here:

http://blog.samkendall.net/2010/05/12/how-to-make-your-computers-trust-your-cisco-ironport-https-proxy-in-an-active-directory-environment/  works great.

Beginner

Hi, Can you folks please help

Hi,

 

Can you folks please help me? I've one s170 and I would like to enable the HTTPS Proxy and I'm having trouble to upload the certificate to the appliance.

till now what I've done is Enable HTTPS Proxy --->Use Generated Certificate and Key---->Download Certificate Signing Request

and open my root authority server web page --->request a new certificate--->past the content of the s170 generated file

 

and I receive the certificate tried to upload the certificate to the proxy and one error is generated .

 

hope someone can help me.

 

kind regards,

Alcides

Beginner

I've just posted about this

I've just posted about this exact thing in a different thread:

https://supportforums.cisco.com/discussion/11804801/2048-bit-key-ironport-wsa-https-proxy

Hope that helps you.