Cisco Web Security Appliance S680 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 26 System Administration
Installing a Server Digital Certificate
If you are acquiring a certificate for the first time, search the Internet for “certificate authority services
SSL server certificates,” and choose the service that best meets the needs of your organization. Follow
the service’s instructions for obtaining an SSL certificate.
Note
You can also generate and sign your own certificate. Tools for doing this are included with OpenSSL,
free software from http://www.openssl.org.
Intermediate Certificates
In addition to root certificate authority (CA) certificate verification, AsyncOS supports the use of
intermediate certificate verification. Intermediate certificates are certificates issued by a trusted root CA
which are then used to create additional certificates. This creates a chained line of trust. For example, a
certificate may be issued by example.com who, in turn, is granted the rights to issue certificates by a
trusted root CA. The certificate issued by example.com must be validated against example.com’s private
key as well as the trusted root CA’s private key.
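The chained line of trust described above, as an added example that is not part of the Cisco guide: it uses the OpenSSL command-line tool to build a constructed root CA, intermediate CA and server certificate, then shows that the server certificate verifies only when the intermediate is supplied. All subject names and file names are made up for illustration.

```shell
#!/bin/sh
# Constructed demo chain: Demo Root CA -> Demo Intermediate CA -> wsa.example.test
# Every name and file below is hypothetical; nothing here comes from the appliance.

# new_csr NAME CN: create NAME.key and a signing request NAME.csr
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# build_chain DIR: write root.pem, inter.pem and server.pem into DIR
build_chain() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext    # CA certificates
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext          # end-entity certificate
    new_csr root "Demo Root CA" &&
    openssl x509 -req -in root.csr -signkey root.key -days 30 \
        -extfile ca.ext -out root.pem 2>/dev/null &&
    new_csr inter "Demo Intermediate CA" &&
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 30 -extfile ca.ext -out inter.pem 2>/dev/null &&
    new_csr server "wsa.example.test" &&
    openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
        -days 30 -extfile leaf.ext -out server.pem 2>/dev/null
)

# verify_chain DIR [INTERMEDIATE]: exit 0 only if server.pem chains to root.pem
verify_chain() (
    cd "$1" || exit 1
    if [ -n "$2" ]; then
        openssl verify -CAfile root.pem -untrusted "$2" server.pem
    else
        openssl verify -CAfile root.pem server.pem
    fi >/dev/null 2>&1
)

DEMO_DIR=$(mktemp -d)
build_chain "$DEMO_DIR" || { echo "openssl could not build the demo chain" >&2; exit 1; }
if verify_chain "$DEMO_DIR" inter.pem; then
    echo "with intermediate: chain verifies"
fi
if ! verify_chain "$DEMO_DIR"; then
    echo "without intermediate: verification fails (issuer not found)"
fi
```

Running the same `openssl verify` check against the real root, intermediate and server PEM files before pasting them into certconfig catches a missing intermediate early.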
Uploading Certificates to the Web Security Appliance
To upload a digital certificate to the Web Security appliance, use the certconfig command.
The following example shows a certificate being uploaded. You can also add intermediate certificates
from this command.
example.com> certconfig
Currently using the demo certificate/key for HTTPS management access.
Choose the operation you want to perform:
- SETUP - Configure security certificate and key.
[]> setup
Management (HTTPS):
paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X