Published on March 29, 2024 (author: )

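Step 1: Set up the Windows CA and configure time synchronization between the ASA and the Windows CA

Step 2: Install the Windows CA root certificate on the ASA, then request a certificate and install it

Step 3: Configure the SSL VPN server on the ASA

Step 4: Client configuration: install the Windows CA root certificate on the client, then request a certificate and install it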

Step 1: Set up the Windows CA

Step 2: Install the Windows CA root certificate on the ASA, then request a certificate and install it

1. Generate an RSA key pair

sslvpngw(config)# domain-name
sslvpngw(config)# crypto key generate rsa label modulus 1024
INFO: The name for the keys will be:
Keypair generation process begin.

2. Define the X.500 distinguished name

crypto ca trustpoint CA1 (configure the trustpoint)
enrollment terminal (enrollment method; terminal: manual enrollment; url: SCEP enrollment)
fqdn
subject-name CN=,OU=network,O=link-infor,C=CH,St=ShangHai
crl configure
enrollment url (CRL configuration)

CRL update configuration

3. Obtain the ID certificate from the CA server

sslvpngw(config)# crypto ca enroll CA1
% Start certificate enrollment ..
% The subject name in the certificate will be:
CN=,OU=network,O=link-infor,C=CH,St=ShangHai
% The fully-qualified domain name in the certificate will be:
% Include the device serial number in the subject name? [yes/no]: n
Display Certificate Request to terminal? [yes/no]: y
Certificate Request follows:
-----BEGIN CERTIFICATE REQUEST-----

-----END CERTIFICATE REQUEST-----
Redisplay enrollment request? [yes/no]:
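
Before the request printed by the ASA is pasted into the Windows CA, its key length and signature hash can be checked offline; step 1 above generates the key with modulus 1024. The following is an added example, not part of the original article: the function names, the 2048-bit policy floor and the sample request (constructed, with an all-zero signature) are assumptions, and only RSA keys are handled.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")    # rsaEncryption
SHA1_RSA = bytes.fromhex("2a864886f70d010105")   # sha1WithRSAEncryption
MIN_RSA_BITS = 2048  # assumed policy floor; set to your own standard

def children(der):
    """Split the content of a constructed DER element into (tag, value) pairs."""
    out, i = [], 0
    while i < len(der):
        tag, n, i = der[i], der[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length octets
            n, i = int.from_bytes(der[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(der):
            raise ValueError("truncated DER element")
        out.append((tag, der[i:i + n]))
        i += n
    return out

def audit_csr(pem):
    """Return (modulus_bits, findings) for a PEM PKCS#10 request with an RSA key."""
    b64 = "".join(line.strip() for line in pem.splitlines() if "-----" not in line)
    (_, csr), = children(base64.b64decode(b64))
    (_, info), (_, sig_alg), _sig = children(csr)
    _ver, _subject, (_, spki), *_attrs = children(info)
    (_, key_alg), (_, bits) = children(spki)
    if children(key_alg)[0][1] != RSA_OID:
        raise ValueError("not an RSA public key")
    (_, rsa_key), = children(bits[1:])  # skip the BIT STRING unused-bits octet
    n_bits = int.from_bytes(children(rsa_key)[0][1], "big").bit_length()
    checks = [(n_bits < MIN_RSA_BITS, f"RSA modulus is {n_bits} bits, below {MIN_RSA_BITS}"),
              (children(sig_alg)[0][1] == SHA1_RSA, "request is signed with sha1WithRSAEncryption")]
    return n_bits, [msg for bad, msg in checks if bad]

def tlv(tag, body):  # DER-encode one element; only used to build the sample
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_csr(bits, sig_oid=SHA1_RSA):
    """Constructed stand-in with the PKCS#10 layout; its signature is all zeros."""
    key = tlv(0x30, tlv(2, b"\x00\xbd" + b"\x11" * (bits // 8 - 1)) + tlv(2, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(6, RSA_OID) + tlv(5, b"")) + tlv(3, b"\x00" + key))
    info = tlv(0x30, tlv(2, b"\x00") + tlv(0x30, b"") + spki + tlv(0xA0, b""))
    tail = tlv(0x30, tlv(6, sig_oid) + tlv(5, b"")) + tlv(3, bytes(bits // 8 + 1))
    body = base64.encodebytes(tlv(0x30, info + tail)).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{body}-----END CERTIFICATE REQUEST-----\n"
```

Calling audit_csr() on the text copied from the ASA terminal returns the modulus size and a list of findings; an empty list means neither check fired.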

4. Request the ASA's certificate