Cisco ASA 5525-X Adaptive Security Appliance Technical Manual

Prerequisites
Requirements
This document requires access to a trusted third-party Certificate Authority (CA) for certificate
enrollment. Examples of third-party CA vendors include, but are not limited to, Baltimore, Cisco,
Entrust, Geotrust, G, Microsoft, RSA, Thawte, and VeriSign.
Before you start, verify that the ASA has the correct clock time, date, and time zone. With
certificate authentication, it is recommended to use a Network Time Protocol (NTP) server to
synchronize the time on the ASA. The 
 details the steps to take in order to set up the time and date correctly on the ASA.
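As an added example (not part of the Cisco document), the following ASA CLI fragment sets the time zone, configures authenticated NTP, and lists the show commands used to confirm that the clock is synchronised before any certificate work begins. The server address 203.0.113.10, the interface name "inside", the time-zone values and the key string are placeholders chosen for this illustration.

```text
! Added example, not from the original manual: time-zone and NTP setup on the ASA.
! Replace the placeholder values with your own before use.
clock timezone EST -5
clock summer-time EDT recurring
ntp authenticate
ntp authentication-key 1 md5 <placeholder-ntp-key>
ntp trusted-key 1
ntp server 203.0.113.10 key 1 source inside prefer

! Verification: "show ntp status" should report "Clock is synchronized", and the
! date from "show clock detail" must fall inside the Validity Date range printed
! by "show crypto ca certificates" once CA and identity certificates are installed.
show clock detail
show ntp status
show ntp associations
show crypto ca certificates
```

Authenticated NTP is used here because an attacker who can feed the ASA a wrong time can push otherwise valid certificates outside their validity window (or keep expired ones alive), so the time source deserves the same trust as the CA itself.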
Components Used
This document uses an ASA 5500-X that runs software version 9.4.1 and ASDM version 7.4(1). 
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Configure
The SSL protocol mandates that the SSL server provide the client with a server certificate so that the
client can perform server authentication. Cisco does not recommend the use of a self-signed certificate
because of the possibility that a user could inadvertently configure a browser to trust a certificate
from a rogue server. Users are also inconvenienced by having to respond to a security
warning each time they connect to the secure gateway. It is recommended to use trusted third-party CAs
to issue SSL certificates to the ASA for this purpose.
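As an added, condensed illustration (not the manual's own procedure), the ASA CLI fragment below requests an SSL identity certificate from a third-party CA using manual (terminal) enrollment and binds it to the outside interface. The trustpoint name THIRD-PARTY-CA, the key-pair label VPN-KEY, and the host name vpn.example.com with its subject are placeholders assumed for this example.

```text
! Added example, not from the original manual: third-party CA enrollment for SSL.
! Placeholder names (THIRD-PARTY-CA, VPN-KEY, vpn.example.com) must be replaced.
crypto key generate rsa label VPN-KEY modulus 2048
crypto ca trustpoint THIRD-PARTY-CA
 enrollment terminal
 fqdn vpn.example.com
 subject-name CN=vpn.example.com,O=Example Corp
 keypair VPN-KEY

! 1. Paste the CA's own certificate (PEM) so the ASA trusts the issuer.
crypto ca authenticate THIRD-PARTY-CA
! 2. Generate the CSR; it is printed on the terminal and submitted to the CA.
crypto ca enroll THIRD-PARTY-CA
! 3. Paste the signed identity certificate returned by the CA.
crypto ca import THIRD-PARTY-CA certificate
! 4. Serve this certificate for SSL/TLS on the outside interface instead of
!    the self-signed default.
ssl trust-point THIRD-PARTY-CA outside

! Verify: issuer chains to the trusted CA, the subject CN matches the name
! users connect to, and the validity window contains the time from "show clock".
show crypto ca certificates THIRD-PARTY-CA
```

The check that matters most to end users is the CN/FQDN match: a CA-issued certificate whose name does not match the gateway's DNS name still produces the browser warning that the self-signed certificate was replaced to avoid.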
The lifecycle of a third-party certificate on the ASA essentially takes place with these steps: