Cisco Web Security Appliance S360 User Guide

AsyncOS 9.1 for Cisco Web Security Appliances User Guide
 
Chapter 22      Perform System Administration Tasks
  Certificate Management
Step 2  Click Generate New Certificate and Key.
  a. In the Generate Certificate and Key dialog box, enter the necessary generation information.
     Note: You can enter any ASCII character except the forward slash ( / ) in the Common Name field.
  b. Click Generate in the Generate Certificate and Key dialog box.
     When generation is complete, the certificate information is displayed in the Certificate section, along with two links: Download Certificate and Download Certificate Signing Request. In addition, there is a Signed Certificate option that is used to upload the signed certificate when you receive it from the Certificate Authority (CA).
Step 3  Click Download Certificate to download the new certificate for upload to the appliance.
Step 4  Click Download Certificate Signing Request to download the new certificate file for transmission to a Certificate Authority (CA) for signing. See  for more information about this process.
  a. When the CA returns the signed certificate, click Browse in the Signed Certificate portion of the Certificate field to locate the signed-certificate file, and then click Upload File to upload it to the appliance.
  b. Ensure the CA’s root certificate is present in the appliance’s list of trusted root certificates. If it is not, add it. See  for more information.
Certificate Signing Requests
The Web Security appliance cannot generate Certificate Signing Requests (CSR) for certificates 
uploaded to the appliance. Therefore, to have a certificate created for the appliance, you must issue the 
signing request from another system. Save the PEM-formatted key from this system because you will 
need to install it on the appliance later.
You can use any UNIX machine with a recent version of OpenSSL installed. Be sure to put the appliance hostname in the CSR. Use the guidelines at the following location for information on generating a CSR using OpenSSL: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
Once the CSR has been generated, submit it to a certificate authority (CA). The CA will return the 
certificate in PEM format.
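The procedure above, as an added example that is not part of the Cisco guide: generate the private key and CSR on a separate UNIX host, then confirm the CSR carries the appliance hostname and belongs to the saved key before sending it to the CA. It assumes OpenSSL 1.1.1 or later; the function names, the hostname in the usage comment and the subjectAltName entry are assumptions, not values from the guide.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. Assumes OpenSSL 1.1.1+ (for -addext).

# make_csr HOSTNAME OUTDIR
# Writes OUTDIR/HOSTNAME.key (PEM private key) and OUTDIR/HOSTNAME.csr (PEM CSR).
make_csr() (
    host=$1; dir=$2
    # Accept only hostname characters; this also keeps "/" out of the -subj string.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $host" >&2; exit 2 ;;
    esac
    umask 077   # key file is created readable by its owner only
    # -nodes leaves the key unencrypted on disk: store it securely, because it
    # must be installed on the appliance together with the signed certificate.
    # subjectAltName is an added assumption: current TLS clients match the
    # hostname against SAN rather than the Common Name.
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host"
)

# csr_cn CSRFILE -> prints the Common Name carried in the request
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
}

# csr_matches_key CSRFILE KEYFILE -> exit 0 only if both hold the same public key
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Usage (constructed hostname):
#   make_csr wsa.example.com . &&
#   csr_matches_key wsa.example.com.csr wsa.example.com.key &&
#   csr_cn wsa.example.com.csr
```

Only the `.csr` file goes to the CA; the `.key` file stays on the generating host until it is installed on the appliance.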
If you are acquiring a certificate for the first time, search the Internet for “certificate authority services 
SSL server certificates,” and choose the service that best meets the needs of your organization. Follow 
the service’s instructions for obtaining an SSL certificate.
Note: You can also generate and sign your own certificate. Tools for doing this are included with OpenSSL, free software from http://www.openssl.org.
Intermediate Certificates
In addition to root certificate authority (CA) certificate verification, AsyncOS supports the use of 
intermediate certificate verification. Intermediate certificates are certificates issued by a trusted root CA 
which are then used to create additional certificates. This creates a chained line of trust. For example, a