Guides
Secure Access Help Center

Manage Certificates

👍

Secure Access Packages and Feature Availability

Not all of the features described here are available to all Secure Access packages. Information about your current package is listed on the Admin > Licensing page. For more information, see Determine Your Current Package. If you encounter a feature here that you do not have access to, contact your sales representative for more information about your current package. See also, Cisco Secure Access Packages.

Certificates are required for secure internet access. Specifically, certificates are required to decrypt traffic in order to inspect it for threats, and to present notifications to end users when access is blocked or triggers a warning. Cisco provides trusted root store bundles, which contain information about certificates used by Cisco products.

Certificate Installation Methods

Certificate installation can be done on a per-browser or per-machine basis. For larger deployments, you can perform an automatic installation through Group Policy Objects (GPO). Note that the automatic installation through GPO is only supported for the Edge or Chrome browsers on Windows systems. As such, for Firefox or Safari browsers, and for users on non-Windows operating systems, you must perform the manual installation procedure.

You can also install a certificate automatically—through Active Directory Group Policy Objects—for a group of users in Microsoft Windows Active Directory. This automatic installation of a certificate is only supported for Edge or Chrome browsers on Windows systems. For all other browsers and systems, you must perform the manual installation procedure.

  • Umbrella Root Certificate: The Cisco Umbrella root certificate is crucial for seamless HTTPS traffic decryption, block page display, and enhanced security features, preventing browser errors and improving overall functionality. For detailed instructions, see Manage the Cisco Umbrella Root Certificate.
  • Secure Access Root Certificate: Secure access root certificates enhance security and connectivity by enabling traffic decryption for threat detection to private and internet resources. SSE root certificate establishes trust for SAML authentication with identity providers. They also support user and device authentication in VPN connections, ensuring secure remote access. For detailed instructions, see Manage the Secure Access Root Certificate.

If you already have the Umbrella root certificate installed, there's no need to install the Secure Access root certificate. Both certificates provide similar levels of protection and enable key security features.

Add a Do Not Decrypt List for Internet Access < Manage Certificate > Manage the Cisco Umbrella Root Certificate

Updated 14 days ago