Cisco Email Security Appliance C650 User Guide
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 17 Data Loss Prevention
RSA Enterprise Manager
(Recommended) Obtaining and Uploading Certificates for SSL Connections between Email Security
Appliances and Enterprise Manager
If you want to use an SSL connection between the Email Security appliance and Enterprise Manager,
you will need one or more certificates and signing keys from a recognized certificate authority to use for
mutual authentication of the two machines.
When configuring the SSL connection, the Enterprise Manager server is the server and the Email
Security appliance is the client.
Complete all of the following procedures:
Generating Client and Server Certificates using RSA’s Certificate Tool
RSA provides a certificate generation tool that you can use to generate a single .p12 file that you can use
as both the server and client certificate for the connection. If you want to use different certificates for
the appliance and the Enterprise Manager server, you must get them from another source.
This tool creates and stores two files on the Enterprise Manager server: the .p12 certificate file and a
.pem certificate file. If you want to use the .p12 file, you must also import the .pem file onto the Email
Security appliance as a certificate authority list.
For more information, see the RSA documentation.
Procedure
Step 1 Open a command prompt on the Enterprise Manager server.
Step 2 Change to C:\Program Files\RSA\Enterprise Manager\etc.
Step 3 Run the following command:
"%JAVA_HOME%/bin/java" -cp ./emcerttool.jar com.rsa.dlp.tem.X509CertGenerator -clientservercasigned -cacn <NAME OF CA PROVIDED DURING INSTALL> -cakeystore catem-keystore -castorepass <PASSWORD FOR CA PROVIDED DURING INSTALL> -cn <DEVICE_CN> -storepass <DEVICE STORE PASSWORD> -keystore <NAME OF DEVICE STORE>
Note
The common name of the certificate must be the hostname of the Email Security appliance.
If Enterprise Manager manages the connected Email Security appliances at the group or cluster
level, each appliance requires a certificate with a Common Name that matches the hostname of
that appliance.
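Before uploading the files, you can confirm that the generated .p12 carries the Common Name the note above requires and that it chains to the .pem you will import as the certificate authority list. The following is an added example, not part of the Cisco or RSA documentation; it assumes a POSIX shell with the OpenSSL command-line tool, that the .p12 is protected by the -storepass value, and the names check_p12 and P12_PASS are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Cisco/RSA documentation).
# Usage: P12_PASS=<DEVICE STORE PASSWORD> sh check_p12.sh device.p12 ca.pem esa-hostname
# The password is read from the P12_PASS environment variable (an assumed
# name) so that it does not appear in the process list.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_p12 P12_FILE CA_PEM HOSTNAME
# Returns 0 when the certificate CN equals HOSTNAME (case-insensitive) and
# the certificate verifies against CA_PEM; 1 on a failed check; 2 on read error.
check_p12() {
    p12=$1 ca_pem=$2 host=$3
    leaf=$(mktemp) || return 2
    # Extract only the end-entity certificate; the private key is not written out.
    if ! openssl pkcs12 -in "$p12" -nokeys -clcerts -passin env:P12_PASS \
            -out "$leaf" 2>/dev/null; then
        echo "cannot read $p12 (wrong password or not a PKCS#12 file)" >&2
        rm -f "$leaf"; return 2
    fi
    # Pull the Common Name out of the subject, one attribute per line.
    cn=$(openssl x509 -in "$leaf" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    rc=0
    if [ "$(lower "$cn")" != "$(lower "$host")" ]; then
        echo "CN '$cn' does not match appliance hostname '$host'" >&2; rc=1
    fi
    # The .pem is what the appliance will trust as its certificate authority list.
    if ! openssl verify -CAfile "$ca_pem" "$leaf" >/dev/null 2>&1; then
        echo "certificate does not chain to $ca_pem" >&2; rc=1
    fi
    rm -f "$leaf"
    return $rc
}

# Run the check only when called with the three arguments shown in Usage.
if [ "$#" -eq 3 ]; then check_p12 "$@"; fi
```

Run it once per appliance hostname when Enterprise Manager manages appliances at the group or cluster level. If the .p12 uses older PKCS#12 encryption algorithms, OpenSSL 3.x needs the -legacy option added to the pkcs12 call.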
A sample command may look like the following: