Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 26 System Administration
Installing a Server Digital Certificate
Figure 26-11 Cisco IronPort Web Security Appliance Demo Certificate as an Unknown Authority
To configure the Web Security appliance to use a different digital server certificate, follow these steps:
Step 1: Obtain a certificate and private key pair to upload. For more information, see
Step 2: Upload the certificate and private key pair to the appliance. For more information, see
Obtaining Certificates
Step 1: Generate a public-private key pair.
Step 2: Generate a Certificate Signing Request (CSR).
Step 3: Contact a certificate authority (CA) to sign the certificate.
The certificate you upload to the appliance must meet the following requirements:
• It must use the X.509 standard.
• It must include a matching private key in PEM format. DER format is not supported.
• The private key must be unencrypted.
The Web Security appliance cannot generate Certificate Signing Requests (CSR) for certificates
uploaded to the appliance. Therefore, to have a certificate created for the appliance, you must issue the
signing request from another system. Save the PEM-formatted key from this system because you will
need to install it on the appliance later.
You can use any UNIX machine with a recent version of OpenSSL installed. Be sure to put the appliance
hostname in the CSR. Use the guidelines at the following location for information on generating a CSR
using OpenSSL:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
Once the CSR has been generated, submit it to a certificate authority (CA). The CA will return the
certificate in PEM format.
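The steps and requirements above, sketched as shell for the separate UNIX host. This is an added example, not part of the Cisco guide; the hostname wsa.example.com, the wsa.* file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Cisco guide). Run on a separate UNIX host with OpenSSL.
# wsa.example.com and the wsa.* file names are placeholders chosen for this sketch.
APPLIANCE_HOST="${APPLIANCE_HOST:-wsa.example.com}"

# Steps 1-2: RSA key pair written as unencrypted PEM (no cipher option is given),
# plus a CSR whose subject CN is the appliance hostname.
make_key_and_csr() {  # usage: make_key_and_csr <dir> <hostname>
    ( umask 077 && openssl genrsa -out "$1/wsa.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/wsa.key" -subj "/CN=$2" -out "$1/wsa.csr"
}

# Requirement: the key is PEM (DER has no text header) and carries no passphrase.
key_is_unencrypted_pem() {  # usage: key_is_unencrypted_pem <keyfile>
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    ! grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

# The guide asks for the appliance hostname in the CSR; confirm before submitting.
csr_names_host() {  # usage: csr_names_host <csrfile> <hostname>
    openssl req -in "$1" -noout -subject | grep -q -F -e "$2"
}

# Requirement: certificate and private key must match. Compare the public key
# embedded in the CA-returned certificate with the one derived from the key.
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

workdir=$(mktemp -d)
make_key_and_csr "$workdir" "$APPLIANCE_HOST" &&
    key_is_unencrypted_pem "$workdir/wsa.key" &&
    csr_names_host "$workdir/wsa.csr" "$APPLIANCE_HOST" &&
    echo "Submit $workdir/wsa.csr to the CA; keep $workdir/wsa.key for upload"
```

When the CA returns the certificate, run `cert_matches_key` on it and the saved key before uploading both to the appliance.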