Sécurité : Appareil de sécurité de courriel Cisco

Installez un certificat ssl par l'intermédiaire du CLI sur un ESA

18 octobre 2016 - Traduction automatique
Autres versions: PDFpdf | Anglais (22 août 2015) | Commentaires

Introduction

Ce document décrit comment installer un certificat de Secure Sockets Layer (SSL), qui inclut un certificat intermédiaire SSL, par l'intermédiaire du CLI sur une appliance de sécurité du courrier électronique de Cisco (ESA).

Contribué par David Armistead et Robert Sherwin, ingénieurs TAC Cisco.

Prerequistes

Cisco vous recommande de prendre connaissance des rubriques suivantes :

  • ESA
  • Toutes les versions d'AsyncOS

Installez un certificat ssl

L'ESA incitera pour le certificat intermédiaire après le certificat de serveur. Si nécessaire, vous pouvez installer plus d'un certificat intermédiaire.

Voici un exemple de sortie.

Remarque: Ce sont les certificats d'essai auto-signés. N'essayez pas de les utiliser.



ironport.example.com> certconfig

Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]> setup

Do you want to use one certificate/key for receiving, delivery, HTTPS
management access, and LDAPS? [Y]>

paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


paste key in PEM format (end with '.'):
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----

.
key = -----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----


Do you want add an intermediate certificate? [N]> y

paste intermediate cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
intermediate cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]>

Remarque: Référez-vous à la section obtenante de Certificats du guide utilisateur d'email pour plus d'informations sur la façon obtenir et installer des certifcates.

Informations connexes



Document ID: 117845