Cisco Email Security Appliance C650 User Guide
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 1 Customizing Listeners
You may purchase certificates and private keys from a recognized certificate
authority service. A certificate authority is a third-party organization or company
that issues digital certificates used to verify identity and distributes public keys.
This provides an additional level of assurance that the certificate is issued by a
valid and trusted identity. IronPort does not recommend one service over another.
The Cisco IronPort appliance can create a self-signed certificate for your own use
and generate a Certificate Signing Request (CSR) to submit to a certificate
authority to obtain the public certificate. The certificate authority will return a
trusted public certificate signed by a private key. Use the Network > Certificates
page in the GUI or the certconfig command in the CLI to create the self-signed
certificate, generate the CSR, and install the trusted public certificate.
If you are acquiring or creating a certificate for the first time, search the Internet
for “certificate authority services SSL Server Certificates,” and choose the service
that best meets the needs of your organization. Follow the service’s instructions
for obtaining a certificate.
You can view the entire list of certificates on the Network > Certificates page in
the GUI and in the CLI by using the print command after you configure the
certificates using certconfig. Note that the print command does not display
intermediate certificates.
Warning
Your IronPort appliance ships with a demonstration certificate to test the TLS
and HTTPS functionality, but enabling either service with the demonstration
certificate is not secure and is not recommended for general use. When you
enable either service with the default demonstration certificate, a warning
message is printed in the CLI.
Intermediate Certificates
In addition to root certificate verification, AsyncOS supports the use of
intermediate certificate verification. Intermediate certificates are certificates
issued by a trusted root certificate authority which are then used to create
additional certificates - effectively creating a chained line of trust. For example, a
certificate may be issued by godaddy.com who, in turn, is granted the rights to
issue certificates by a trusted root certificate authority. The certificate issued by
godaddy.com must be validated against godaddy.com’s private key as well as the
trusted root certificate authority’s private key.
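The chain of trust described above can be reproduced offline with the OpenSSL command line; this is an added example, not taken from the Cisco guide, showing that a server certificate issued by an intermediate only verifies when the intermediate certificate is supplied alongside the trusted root. It assumes openssl is installed, and the certificate names (Example root, Example int, Example server, mail.example.com) and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: constructed names and throwaway keys, not from the Cisco guide.
# Builds root -> intermediate -> server certificates, then verifies the server
# certificate with and without the intermediate certificate.

build_chain() {
  d=$1
  # Extension profiles: CA certificates may sign others, the server one may not.
  cat > "$d/ext.cnf" <<'EOF'
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:mail.example.com
EOF
  for n in root int server; do
    # Each party creates its own private key and a CSR carrying its public key.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -out "$d/$n.csr" -subj "/CN=Example $n" 2>/dev/null || return 1
  done
  # The root signs itself and the intermediate; the intermediate signs the server.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ext.cnf" -extensions ca_ext -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/ext.cnf" -extensions ca_ext \
    -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -extfile "$d/ext.cnf" -extensions server_ext \
    -out "$d/server.pem" 2>/dev/null
}

# verify_server DIR with|without: status 0 only if every signature in the chain
# checks out against the issuer's public key, up to the trusted root.
verify_server() {
  if [ "$2" = with ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/server.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
build_chain "$work"
for mode in without with; do
  if verify_server "$work" "$mode"; then r=OK; else r=FAILED; fi
  echo "server certificate, $mode intermediate: $r"
done
rm -rf "$work"
```

The same gap appears on a mail listener when only the server certificate is installed: peers that do not already hold the intermediate cannot build a path to the root.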