首页 > 专利学习

ASA sslvpn window CA认证配置步骤

阅读：评论：0

第一步：window CA搭建，配置ASA和window CA时间同步

第二步：ASA安装window CA根证书，同时申请证书并安装

第三步：ASA配置SSLVPN server

第四步：客户端配置：客户端安装window CA根证书，同时申请证书并安装

第一步：window CA搭建

第二步：搜票网ASA安装window CA根证书，同时申请证书并安装

1、生成rsa密钥对

sslvpngw(config)# domain-name link-infor

sslvpngw(config)# crypto key generate rsa label my.ca.key modulus 1024

INFO: The name for the keys will be: my.ca.key

Keypair generation process begin.

2、Defines x.500 distinguished name

crypto catrustpoint CA1(配置可信站点)

enrollment terminal（注册方式，terminal：用于手动注册；url：secp注册）

fqdn sslvpngw.link-infor

subject-nameCN=sslvpngw.link-infor,OU=network,O=link-infor,C=CH,St=ShangHai

keypairmy.ca.key

crl configure

enrollment url （CRL配置）

crl的更新配置

3、

sslvpngw(config)# crypto ca enroll CA1（从CA服务器获取ID证书）

% Start certificate enrollment ..

% The subject name in the certificate will be: CN=sslvpngw.link-infor,OU=network,O=link-infor,C=CH,St=ShangHai

% The fully-qualified domain name in the certificate will be: sslvpngw.link-infor

% Include the device serial number in the subject name? [yes/no]: n

Display Certificate Request to terminal? [yes/no]: y

Certificate Request follows:

-----BEGIN CERTIFICATE REQUEST-----

MIICIDCCAYkCAQAwgZcxETAPBgNVBAgTCFNoYW5nSGFpMQswCQYDVQQGEwJDSDET

MBEGA1UEChMKbGluay1pbmZvcjEQMA4GA1UECxMHbmV0d29yazEjMCEGA1UEAxMa

c3NsdnBuZ3cubGluay1pbmZvci5jb20uY24xKTAnBgkqhkiG9w0BCQIWGnNzbHZw

bmd3LmxpbmstaW5mb3IuY29tLmNuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

gQC9hpOZU4tcyyXtp1Ddb0lgPLGwSu3Ol2Q5QlhL0RdCJot1TiEWuQvoT70Y4sJ5

lcXga+f6cA3yKMyx9lnloSaO6pio2fY//t8jeQvTsQJu6FuB84vpMzcFPZAEZAmF

芯片怎么烧录程序gfxvs45zxcDjVnK6GU33HwUPVR/r3tYDAU1tqwvE1fbOcwIDAQABoEgwRgYJKoZI

hvcNAQkOMTkwNzAOBgNVHQ8BAf8EBAMCBaAwJQYDVR0RBB4wHIIac3NsdnBuZ3cu

bGluay1pbmZvci5jb20uY24wDQYJKoZIhvcNAQEFBQADgYEAW2iG+v9Ubz6tTTGi

Bz/4qmc+kSLUtey2FSVCG7KDXmrvZWAWKnk1YKdGIhO9uTIledsNXr4He4/A0gnI

2WEl9W5ScUGA/lcaBeNUx3K/qYmWjIT0ug20L5LZyQjJ0fTnxdGqZOYAOZb6ak7Z

p8t80WUes1sqgzxPHjocKufX2d8=

-----END CERTIFICATE REQUEST-----

Redisplay enrollment request? [yes/no]:

4、申请ASA的证书

辐照灭菌设备

照明母线此base-64编码由crypto ca enroll CA1生成的编码

油田阀门

5、CA服务器管理员接受以上ASA的证书申请，颁发给ASA，同时下载该证书火狐浏览器无法为ASA下载证书

选择Base 64编码

Before you install the identity certificate, the CA certificate must be downloaded from the CA server and installed in the ASA, as shown.

6、下载CA服务器根证书，并安装到ASA中()

下载的根CA用记事本打开，

MIIDcjCCAlqgAwIBAgIQH1N3Mx5mNYRHfVXkdKjjXjANBgkqhkiG9w0BAQUFADAS

MRAwDgYDVQQDEwdDQS1ST09UMB4XDTExMTAzMDAyNDUxNFoXDTE2MTAzMDAyNTQ0

MFowEjEQMA4GA1UEAxMHQ0EtUk9PVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC

AQoCggEBAOR0ExcVPLKQ0mLtZZdUdivVM7gi1AScrlbhqwcHV6/jxS0FLGPRB9ur

tE+sGVKVaHgFlh0lTmkMz904ju0a3TIt8BVsFj0V01tE4HfHxecK+hIn5QhpyQz5

Z25bp1MRAs9LkcM+K+uKXj/NwCkFTxsRVeFm4uGKziIbjG3Se/dxIhucsrSgOgoD

OQCW2NZ99hsiF39ao4e0zBMzBV4gu63ifzPEKlGPZMhaak3a8kKvwitMh7r5S17M

fIC3n1xjufbqblXEJX5BMKTGFOcLSXZe5dA/TFgQca2sB5xhqEt2SsROyUWs/wMQ

RazCqfrbwV60LLmTPCPmIB6hTixqnt0CAwEAAaOBwzCBwDALBgNVHQ8EBAMCAYYw

DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQ9ga4ow38436ds+jxkuDl8/mwmYw

bwYDVR0fBGgwZjBkoGKgYIYtaHR0cDovLzIwMDMtMjRiNzNiNWU4Yy9DZXJ0RW5y

管式热交换器原理图b2xsL0NBLVJPT1QuY3Jshi9maWxlOi8vXFwyMDAzLTI0YjczYjVlOGNcQ2VydEVu

cm9sbFxDQS1ST09ULmNybDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUF

AAOCAQEAeYbZEDHkFwhfA2140A45Yxuzw/mzxhQ7kntCzeJkC2iES5fngvuBljBb

D5OZkXO8mdB3bRUc+d12TIWGXeBVfh32wtCAR/Ha4YhmyZAxkRAHxWJJ864SLOvz

dZpkInO2P8/rBZzPOQ5HpjyQsBSItmOsRNwEVv4NhqBQUzS/eiP7aJV/hCDOMKPh

Qo5F/wIQKeO6o0j0iRCMnT0Q7YivwhyD1pFPHEYs8ecFJPq8cH+yew5AE/NcIjJw

gIFMOwUZX68M/mC15d4gpzUqy6xdwv+wezEx1IW6rLzjGVf6J8UVpJBnj/3IzN/C

pg9V+ulojOklHspKCme3gYZq8agB6w==

vpngw(config)# crypto ca authenticate CA1

Enter the base 64 encoded CA certificate.

End with the word "quit" on a line by itself