Re: WSA HTTPS Proxy

ermionline · ‎06-28-2018

Hi Guys,

I have two WSA S170 and i want to enable HTTPS proxy, but i don't have root certificate. My question is how can i get a root certificate and how can i uses the certificate to enable HTTPS proxy

Thanks

Ermias

David Niemann · ‎06-28-2018

You can either generate a self-signed certificate and have it pushed to your workstations as a trusted CA cert via Windows GPOs or if you have a PKI generate a cert for the WSA that will be trusted by your domain.

Ken Stieers · ‎06-28-2018

Assuming you're a Microsoft shop, you can spin up a VM and install the Certificate Authority role as an Enterprise CA. That will put the ROOT of the CA in your AD, and replicate it to your workstations. Then from the CA issue a subordinate CA cert and use that on your WSAs.

OR

Use the demo certs that came with one of the WSAs. Download them, and then add the to a group policy as a "Trusted Root" cert and make sure all of your machines get it.

Some resources:

Steps to configure HTTPS Proxy and CSR Option on Web Security Appliance: https://www.youtube.com/watch?v=1g_96XYnkz4&feature=youtu.be

Steps to enable HTTPS proxy on (WSA) & Uploading Root/Intermediate certificate option.

https://supportforums.cisco.com/video/11932521/steps-enable-https-proxy-wsa-uploading-rootintermediate-certificate-option