User Guide for Cisco Email Security Appliance C170

Chapter 2: Customizing Listeners
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Warning
Your IronPort appliance ships with a demonstration certificate to test the TLS 
and HTTPS functionality, but enabling either service with the demonstration 
certificate is not secure and is not recommended for general use. When you 
enable either service with the default demonstration certificate, a warning 
message is printed in the CLI. 
Intermediate Certificates 
In addition to root certificate verification, AsyncOS supports the use of 
intermediate certificate verification. Intermediate certificates are certificates 
issued by a trusted root certificate authority which are then used to create 
additional certificates - effectively creating a chained line of trust. For example, a 
certificate may be issued by godaddy.com who, in turn, is granted the rights to 
issue certificates by a trusted root certificate authority. The certificate issued by 
godaddy.com must be validated against godaddy.com’s private key as well as the 
trusted root certificate authority’s private key. 
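
The chain of trust described above, reproduced with the openssl command-line tool as an added example (not taken from the Cisco guide and not an AsyncOS command): a constructed root CA signs an intermediate CA, which signs a server certificate, and the server certificate verifies only when the intermediate is supplied. All subject names and file names are assumptions made for the example.

```shell
#!/bin/sh
# Lab PKI built with the openssl CLI: root CA -> intermediate CA -> server cert.
# Every subject and file name here is constructed for this example.
set -eu

# build_chain <dir>: create root.pem, inter.pem and leaf.pem inside <dir>.
build_chain() (
    cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example $n" \
            -keyout "$n.key" -out "$n.csr" 2>/dev/null
    done
    # Root CA: self-signed with its own private key.
    openssl x509 -req -in root.csr -signkey root.key -days 30 \
        -extfile ca.ext -out root.pem 2>/dev/null
    # Intermediate CA: signed with the root's private key.
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 30 -extfile ca.ext -out inter.pem 2>/dev/null
    # Server certificate: signed with the intermediate's private key.
    openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
        -days 30 -extfile leaf.ext -out leaf.pem 2>/dev/null
)

# verify_leaf <dir> [intermediate.pem]: trust only <dir>/root.pem, optionally
# offer an untrusted intermediate for path building; prints "ok" or "fail".
verify_leaf() {
    inter=${2:-}
    if openssl verify -CAfile "$1/root.pem" ${inter:+-untrusted "$inter"} \
        "$1/leaf.pem" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

# self_issued <cert.pem>: true when subject and issuer names hash the same.
self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

dir=$(mktemp -d)
build_chain "$dir"
echo "root only:           $(verify_leaf "$dir")"
echo "root + intermediate: $(verify_leaf "$dir" "$dir/inter.pem")"
self_issued "$dir/root.pem" && echo "root.pem is self-issued"
rm -rf "$dir"
```
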
Creating a Self-Signed Certificate
To create a self-signed certificate on an Email Security appliance, begin by 
clicking Add Certificate on the Network > Certificates page in the GUI (or the 
certconfig command in the CLI). 
On an Email Security appliance with a FIPS-compliant HSM card, click Add 
Certificate on the FIPS Mode > FIPS Management page in the GUI (or the 
fipsconfig > certconfig CLI command).
On the Add Certificate page, select Create Self-Signed Certificate. 
 shows the Add Certificate page with the Create Self-Signed 
Certificate option selected.