Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
1-23
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 1 Customizing Listeners
Warning
Your Cisco IronPort appliance ships with a demonstration certificate to test the TLS and HTTPS
functionality, but enabling either service with the demonstration certificate is not secure and is not
recommended for general use. When you enable either service with the default demonstration
certificate, a warning message is printed in the CLI.
functionality, but enabling either service with the demonstration certificate is not secure and is not
recommended for general use. When you enable either service with the default demonstration
certificate, a warning message is printed in the CLI.
Intermediate Certificates
In addition to root certificate verification, AsyncOS supports the use of intermediate certificate
verification. Intermediate certificates are certificates issued by a trusted root certificate authority which
are then used to create additional certificates - effectively creating a chained line of trust. For example,
a certificate may be issued by godaddy.com who, in turn, is granted the rights to issue certificates by a
trusted root certificate authority. The certificate issued by godaddy.com must be validated against
godaddy.com’s private key as well as the trusted root certificate authority’s private key.
verification. Intermediate certificates are certificates issued by a trusted root certificate authority which
are then used to create additional certificates - effectively creating a chained line of trust. For example,
a certificate may be issued by godaddy.com who, in turn, is granted the rights to issue certificates by a
trusted root certificate authority. The certificate issued by godaddy.com must be validated against
godaddy.com’s private key as well as the trusted root certificate authority’s private key.
Creating a Self-Signed Certificate
To create a self-signed certificate, begin by clicking Add Certificate on the Network > Certificates page
in the GUI (or the
in the GUI (or the
certconfig
command in the CLI). On the Add Certificate page, select Create
Self-Signed Certificate.
shows the Add Certificate page with the Create Self-Signed Certificate option selected.
Figure 1-12
Add Certificate Page
Enter the following information for the self-signed certificate:
Common Name
The fully qualified domain name.
Organization
The exact legal name of the organization.
Organizational Unit
Section of the organization.
City (Locality)
The city where the organization is legally located.
State (Province)
The state, county, or region where the organization is legally
located.
located.
Country
The two letter ISO abbreviation of the country where the
organization is legally located.
organization is legally located.
Duration before expiration
The number of days before the certificate expires.
Private Key Size
Size of the private key to generate for the CSR. Only
2048-bit and 1024-bit are supported.
2048-bit and 1024-bit are supported.