Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7.5 for Web User Guide
 
Chapter 26      System Administration
Installing a Server Digital Certificate
Figure 26-11  Cisco IronPort Web Security Appliance Demo Certificate as an Unknown Authority
To configure the Web Security appliance to use a different digital server certificate, follow these steps:
Step 1  Obtain a certificate and private key pair to upload. For more information, see 
Step 2  Upload the certificate and private key pair to the appliance. For more information, see .
Obtaining Certificates
Step 1  Generate a public-private key pair.
Step 2  Generate a Certificate Signing Request (CSR).
Step 3  Contact a certificate authority (CA) to sign the certificate.
The certificate you upload to the appliance must meet the following requirements:
  • It must use the X.509 standard.
  • It must include a matching private key in PEM format. DER format is not supported.
  • The private key must be unencrypted.
The Web Security appliance cannot generate Certificate Signing Requests (CSR) for certificates 
uploaded to the appliance. Therefore, to have a certificate created for the appliance, you must issue the 
signing request from another system. Save the PEM-formatted key from this system because you will 
need to install it on the appliance later.
You can use any UNIX machine with a recent version of OpenSSL installed. Be sure to put the appliance 
hostname in the CSR. Use the guidelines at the following location for information on generating a CSR 
using OpenSSL: 
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
 
Once the CSR has been generated, submit it to a certificate authority (CA). The CA will return the 
certificate in PEM format.
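
The steps and upload requirements above, as an added shell example that is not from the Cisco guide: make_csr generates an unencrypted PEM key and a CSR carrying the appliance hostname, and check_pair tests the certificate the CA returns against the saved key before upload. The function names, file names, the RSA 2048 key size and the hostname in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: helper names, file names and RSA 2048 are assumptions,
# not values taken from the guide.

# make_csr HOST DIR
# Writes DIR/HOST.key (unencrypted PEM private key) and DIR/HOST.csr,
# with the appliance hostname as the subject CN.
make_csr() {
    host=$1; dir=$2
    (
        umask 077   # the key is unencrypted, so keep it owner-readable only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/$host.key" -out "$dir/$host.csr" \
            -subj "/CN=$host" 2>/dev/null
    )
}

# check_pair CERT KEY
# Returns 0 if the pair meets the upload requirements,
#         1 if CERT is not a PEM X.509 certificate (for example DER),
#         2 if KEY is encrypted or not a PEM private key,
#         3 if KEY does not match the public key in CERT.
check_pair() {
    cert=$1; key=$2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    # "BEGIN ENCRYPTED PRIVATE KEY" and "Proc-Type: 4,ENCRYPTED" both match
    if grep -q 'ENCRYPTED' "$key"; then return 2; fi
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 3
    return 0
}

# Usage (hostname and paths are placeholders):
#   make_csr wsa.example.com .        # then submit wsa.example.com.csr to the CA
#   check_pair returned-cert.pem wsa.example.com.key && echo "ready to upload"
```

Run check_pair on the exact files you intend to upload; a nonzero return code identifies which requirement failed.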