Безопасность : устройства безопасности электронной почты Cisco ESA

Установите сертификат SSL через CLI на ESA

20 октября 2016 - Машинный перевод
Другие версии: PDF-версия:pdf | Английский (22 августа 2015) | Отзыв

Введение

Этот документ описывает, как установить сертификат Уровня защищенных сокетов (SSL), который включает промежуточный сертификат SSL через CLI на Cisco Email Security Appliance (ESA).

Внесенный Дэвидом Армистидом и Робертом Шервином, специалистами службы технической поддержки Cisco.

Prerequistes

Компания Cisco рекомендует предварительно ознакомиться со следующими предметами:

  • ESA
  • Все версии AsyncOS

Установите сертификат SSL

ESA вызовет для промежуточного сертификата после серверного сертификата. В случае необходимости можно установить несколько промежуточных сертификатов.

Ниже представлен пример выходных данных.

Примечание: Это самоподписанные пробные сертификаты. Не пытайтесь использовать их.



ironport.example.com> certconfig

Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]> setup

Do you want to use one certificate/key for receiving, delivery, HTTPS
management access, and LDAPS? [Y]>

paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


paste key in PEM format (end with '.'):
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----

.
key = -----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----


Do you want add an intermediate certificate? [N]> y

paste intermediate cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
intermediate cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]>

Примечание: См. раздел Сертификатов Получения Почтового Руководства пользователя для получения дополнительной информации о том, как получить и установить certifcates.

Дополнительные сведения



Document ID: 117845