网络应用服务 : Cisco CSS 11500 系列内容服务交换机

如何创建在CSS11500的证书签名请求

2016 年 10 月 27 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈


目录


简介

本文描述如何创建和上传一证书签名请求(CSR)在CSS11500系列交换机。

开始使用前

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

先决条件

您需要以下信息创建和上传CSR :

  • 国家名(2个字母代码)

  • 状态或省(全名)

  • 现场命名(城市) [SomeCity]

  • 组织名称(公司名称)

  • 组织单位名字(部分) [Web Administration]

  • 公用名称(您的域名) [!ENTITY!]

  • 电子邮件地址[!ENTITY!]

  • CSS11500系列交换机用安全套接字层SSL模块

  • WebNS 7.10或更加高

  • FTP或Secure FTP (SFTP)服务器

  • 在CSS配置的FTP记录

使用的组件

本文档中的信息基于以下软件和硬件版本。

  • CSS11506

  • WebNS 7.20

本文档中的信息都是基于特定实验室环境中的设备创建的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您是在真实网络上操作,请确保您在使用任何命令前已经了解其潜在影响。

创建在CSS11500的证书签名请求

逐步指导

本部分提供有关如何配置本文档所述功能的信息。

  1. 创建公共/专用密钥对。您需要指定位、文件名和密码编号保护公共/私有密钥对。

    CSS11506(config)# ssl genrsa rsa1024.pem 1024 "system"
    Warning this operation could take a while 
    and can cause your console to not respond 
    while the operation is ongoing 
    
    Do you want to continue?, [y/n]:y 
    CSS11506(config)# 
    
    
    
    !--- If you issue the show ssl files command, you will 
    !--- see that the key pair has been created.
     
    
    CSS11506(config)# show ssl files 
     File Name                       File Type File Size 
     ----------------                --------- ------------ 
      rsa1024.pem                     PEM        887 
    
  2. 关联密钥。

    CSS11506(config)# ssl associate rsakey test-ssl rsa1024.pem  
    
    
    !--- test-ssl is the name of the association.
    
    
    View Associations 
    CSS11506(config)# show ssl associate 
     Certificate Name                File Name                       Used by List 
     ----------------                ---------                       ------------ 
    
     RSA Key Name                    File Name                       Used by List 
     ------------                    ---------                       ------------ 
     test-ssl                         rsa1024.pem                           no 
    
     DH Param Name                   File Name                       Used by List 
     -------------                   ---------                       ------------ 
    
     DSA Key Name                    File Name                       Used by List 
     ------------                    ---------                       ------------ 
    
    
  3. 创建CSR。

    CSS11506(config)# ssl gencsr test-ssl  
    
    
    
    !--- test-ssl is the name of the association.
    
    CSS11506(config)# ssl gencsr test-ssl 
    
    
    !--- You will be asked to enter information 
    !--- that will be incorporated into your certificate 
    !--- request. What you are about to enter is 
    !--- called a Distinguished Name or a DN. 
    !--- For some fields, there will be a default value. 
    !--- If you enter '.', the field will be left blank. 
    
    
    Country Name (2 letter code) [US]US 
    State or Province (full name) [SomeState]Massachusetts 
    Locality Name (city) [SomeCity]Boxborough 
    Organization Name (company name) [Acme Inc]Testing SSL 
    Organizational Unit Name (section) [Web Administration]SSL Admin 
    Common Name (your domain name) [www.acme.com]www.testingssl.com 
    Email address [webadmin@acme.com ]webadmin@testingssl.com 
    
  4. 给CSR发电子邮件给您的Certificate Authority (CA)。

    -----BEGIN CERTIFICATE REQUEST----- 
    MIIB6jCCAVMCAQAwgakxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl 
    dHRzMRMwEQYDVQQHEwpCb3hib3JvdWdoMRQwEgYDVQQKEwtUZXN0aW5nIFNTTDES 
    MBAGA1UECxMJU1NMIEFkbWluMRswGQYDVQQDExJ3d3cudGVzdGluZ3NzbC5jb20x 
    JjAkBgkqhkiG9w0BCQEWF3dlYmFkbWluQHRlc3Rpbmdzc2wuY29tMIGfMA0GCSqG 
    SIb3DQEBAQUAA4GNADCBiQKBgQCutr3grp8cmfQWvE7fX8T77nsVYJMFePqUkelg 
    trJzy/3Obahhv0KdWbWvpXV0gUE3pNujeywn9VKpqG7Y1III+VWo1fqIT86oC7W5 
    qqWzECD3qYCbMOjKqcXZ5m0e3Wbamr1Nvn08BiVdDLkmZ64SzDpMTpONiznl0B2F 
    Ryp7CQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAJdrAqE+l380fBJy5bEU6ApLc 
    RVdGVr1C34yWUIYg86ilW3bATebJCHwGpaKHztpHFikaRxJsZno06qOa8iujM6pn 
    IESkSSTnow2xyNaVbAiTZwaND7+D4Ofk/OQA1bE0BFVyMD6KJ0IIQM/5Wv+wNlef 
    FVOv2Cv7yxryu71pmI0= 
    -----END CERTIFICATE REQUEST----- 
    
    CSS11506(config)# 
  5. 上传证书对CSS。保存您从您的CA接收作为ASCI文件的证书,并且上传它到FTP或SFTP服务器。

    -----BEGIN CERTIFICATE----- 
    MIIDQjCCAuygAwIBAgIQRCMFqA3CWhhqcam90mFtejANBgkqhkiG9w0BAQUFADCB 
    qTEWMBQGA1UEChMNVmVyaVNpZ24sIEluYzFHMEUGA1UECxM+d3d3LnZlcmlzaWdu 
    LmNvbS9yZXBvc2l0b3J5L1Rlc3RDUFMgSW5jb3JwLiBCeSBSZWYuIExpYWIuIExU 
    RC4xRjBEBgNVBAsTPUZvciBWZXJpU2lnbiBhdXRob3JpemVkIHRlc3Rpbmcgb25s 
    eS4gTm8gYXNzdXJhbmNlcyAoQylWUzE5OTcwHhcNMDMwMTA2MDAwMDAwWhcNMDMw 
    MTIwMjM1OTU5WjCBgTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0 
    dHMxEzARBgNVBAcUCkJveGJvcm91Z2gxFDASBgNVBAoUC1Rlc3RpbmcgU1NMMRIw 
    EAYDVQQLFAlTU0wgQWRtaW4xGzAZBgNVBAMUEnd3dy50ZXN0aW5nc3NsLmNvbTCB 
    nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArra94K6fHJn0FrxO31/E++57FWCT 
    BXj6lJHpYLayc8v9zm2oYb9CnVm1r6V1dIFBN6Tbo3ssJ/VSqahu2NSCCPlVqNX6 
    iE/OqAu1uaqlsxAg96mAmzDoyqnF2eZtHt1m2pq9Tb59PAYlXQy5JmeuEsw6TE6T 
    jYs55dAdhUcqewkCAwEAAaOB0TCBzjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBC 
    BgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9TZWN1cmVT 
    ZXJ2ZXJUZXN0aW5nQ0EuY3JsMFEGA1UdIARKMEgwRgYKYIZIAYb4RQEHFTA4MDYG 
    CCsGAQUFBwIBFipodHRwOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1Rl 
    c3RDUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB 
    BQUAA0EAsWuz2lWAKRbRqODlnp3TKhsg79F3x6azUE6VaMGDKpNrFCB2AgbcU25D 
    VAysN/47vavtlFGonK2M/hC78pS9kw== 
    -----END CERTIFICATE----- 

    复制证书对CSS。SFTP是推荐,然而,您能也使用FTP。

    CSS11506# copy ssl ftp ftpserver import sslcert.pem PEM "system"  
    
    
    !--- sslcert.pem is the certificate file, and system is the password 
    !--- used when the key pair was created. 
    
      
    CSS11506# show ssl files 
     File Name                       File Type File Size 
     ----------------                --------- ------------ 
     rsa1024.pem                     PEM        887 
     sslcert.pem                     PEM        1210 ****new cert**** 
    
    
  6. 关联证书。

     CSS11506(config)# ssl associate cert test-ssl sslcert.pem 
    
    
    
     !--- Verify the association.
    
    
     CSS11506(config)# show ssl associate 
     Certificate Name                File Name                       Used by List 
     ----------------                ---------                       ------------ 
     test-ssl                       sslcert.pem                           no 
    
     RSA Key Name                    File Name                       Used by List 
     ------------                   ---------                       ------------ 
     test-ssl                        rsa1024.pem                           no 
    
     DH Param Name                   File Name                       Used by List 
     -------------                   ---------                       ------------ 
    
     DSA Key Name                    File Name                       Used by List 
     ------------                    ---------                       ------------ 
    

验证

当前没有可用于此配置的验证过程。

故障排除

目前没有针对此配置的故障排除信息。


相关信息


Document ID: 43700