Seguridad : Cisco Email Security Appliance

Instale un certificado SSL vía el CLI en un ESA

17 Octubre 2016 - Traducción Automática
Otras Versiones: PDFpdf | Inglés (22 Agosto 2015) | Comentarios

Introducción

Este documento describe cómo instalar un certificado de Secure Sockets Layer (SSL), que incluye un certificado intermedio SSL, vía el CLI en un dispositivo de seguridad del correo electrónico de Cisco (ESA).

Contribuido por David Armistead y Roberto Sherwin, ingenieros de Cisco TAC.

Prerequistes

Cisco recomienda que tenga conocimiento sobre estos temas:

  • ESA
  • Todas las versiones de AsyncOS

Instale un certificado SSL

El ESA indicará para el certificado intermedio después del certificado de servidor. Si es necesario, usted puede instalar más de un certificado intermedio.

Aquí está una salida de ejemplo.

Nota: Éstos son certificados de prueba uno mismo-firmados. No intente utilizarlos.



ironport.example.com> certconfig

Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]> setup

Do you want to use one certificate/key for receiving, delivery, HTTPS
management access, and LDAPS? [Y]>

paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


paste key in PEM format (end with '.'):
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----

.
key = -----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----


Do you want add an intermediate certificate? [N]> y

paste intermediate cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
intermediate cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]>

Nota: Refiera a la sección de obtención de los Certificados del guía del usuario del correo electrónico para más información sobre cómo obtener y instalar los certifcates.

Información Relacionada



Document ID: 117845