Cisco ISA570 Integrated Security Appliance Installation Guide
© 2012 Cisco Systems, Inc. All rights reserved.
Application Note
Generating and Installing SSL Certificates on the Cisco ISA500
This application note describes how to generate and install SSL certificates on the Cisco ISA500 security
appliance. It includes the following topics:
Certificate Overview
Digital certificates and key pairs are a form of digital identification for user authentication. Certificates can
be issued for a variety of functions such as Web user authentication, Web server authentication, secure
email (using Secure/Multipurpose Internet Mail Extensions, also called S/MIME), Internet Protocol
security (IPsec), Transport Layer Security (TLS), and code signing.
A client or server certificate includes the name of the issuing authority and its digital signature, the
serial number, the name of the client or server that the certificate was issued for, the public key, and a
time stamp that indicates the certificate's expiration date.
A public key certificate, usually just called a certificate, is a digitally-signed statement that binds the value
of a public key to the identity of the person, device, or service that holds the corresponding private key.
Most certificates are based on the X.509v3 certificate standard.
Certificate Authorities (CAs), such as GoDaddy or VeriSign, issue certificates. A CA also provides a
trusted CA certificate to verify that a client or server certificate originated from the CA. The CA certificate
includes the CA distinguished name, public key, and digital signature.
The recipient of the CA digital certificate verifies that it was issued by a valid CA, and then obtains the
public key and identification information held within the certificate. With this information, the recipient
can send an encrypted reply.
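The issue-and-verify relationship described above, reproduced with the OpenSSL command line as an added example (it is not part of the application note and is not the ISA500's own procedure). The CA name, organization names, serial number and file names are constructed; mycompany.com is the page's example host name, used here as the certificate's common name.

```shell
#!/bin/sh
# Added example (not from the application note). All names are constructed.

# make_demo_pki DIR: build a throwaway CA and a server certificate signed by it.
make_demo_pki() {
    dir=$1
    # CA key pair plus self-signed CA certificate (the "trusted CA certificate").
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Demo CA/CN=Example Demo Root" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Server key pair plus certificate signing request (CSR).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Corp/CN=mycompany.com" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # The CA signs the CSR, binding the server's public key to its name.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -set_serial 0x1000 -days 30 -out "$dir/server.pem" 2>/dev/null || return 1
}

# cert_fields CERT: print the fields the overview lists
# (issuer, subject, serial number, expiration date).
cert_fields() {
    openssl x509 -in "$1" -noout -issuer -subject -serial -enddate
}

# issued_by CA_CERT CERT: succeed only if CERT's signature chains to CA_CERT.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: two unrelated CAs with identical names; only the real issuer verifies,
# because the check is on the CA's signature, not on the issuer name alone.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/a" "$work/b"
    make_demo_pki "$work/a" && make_demo_pki "$work/b" || { rm -rf "$work"; return 1; }
    cert_fields "$work/a/server.pem"
    issued_by "$work/a/ca.pem" "$work/a/server.pem" && echo "a/server.pem: issued by CA a"
    issued_by "$work/b/ca.pem" "$work/a/server.pem" || echo "a/server.pem: NOT issued by CA b"
    rm -rf "$work"
}
demo
```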
How Certificates Work
Step 1.
A client (browser) sends a request for a secure webpage (for example: https://mycompany.com).