{"id":402,"date":"2010-06-01T09:41:25","date_gmt":"2010-06-01T01:41:25","guid":{"rendered":"http:\/\/www.yaoge123.com\/blog\/?p=402"},"modified":"2011-03-26T22:15:38","modified_gmt":"2011-03-26T14:15:38","slug":"cisco-asa-%e4%b8%bassl-vpn%e5%af%bc%e5%85%a5%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/www.yaoge123.com\/blog\/archives\/402","title":{"rendered":"Cisco ASA \u4e3aSSL VPN\u5bfc\u5165\u8bc1\u4e66"},"content":{"rendered":"<p>\u9996\u5148\u751f\u6210\u79c1\u94a5\u548c\u8bc1\u4e66\u8bf7\u6c42\uff1a<br \/>\nopenssl genrsa -des3 -out ssl.key 2048<br \/>\nopenssl req -new -key ssl.key -out ssl.csr<br \/>\n\u5c06ssl.csr\u53d1\u7ed9CA\uff0cCA\u5c06\u8fd4\u56de\u8bc1\u4e66\u6587\u4ef6ssl.cer\u3002<br \/>\n\u5c06\u79c1\u94a5\u548c\u8bc1\u4e66\u5408\u5e76\u6210PKCS12\u6587\u4ef6\uff0cchain.cer\u662f\u8bc1\u4e66\u94fe\u6587\u4ef6\uff0c\u6240\u6709\u7684\u8bc1\u4e66\u94fe\u5fc5\u987b\u90fd\u653e\u5728\u8fd9\u4e2a\u6587\u4ef6\u91cc\uff1a<br \/>\nopenssl pkcs12 -export -inkey ssl.key -in ssl.cer -certfile chain.cer -out ssl.p12<br \/>\n\u8fdb\u5165ASDM &#8211; Configuration &#8211; Device Management &#8211; Certificate Management &#8211; Identity Certificates\uff0c\u70b9Add\uff0c\u7ed9\u8fd9\u5957\u8bc1\u4e66\u53d6\u4e00\u4e2a\u540d\u5b57\u586b\u5165Trustpoint Name\uff0c\u9009\u62e9Import the identity certificate from a file:\uff0c\u5bfc\u5165\u521a\u521a\u751f\u6210\u7684ssl.p12\u5e76\u8f93\u5165\u5bfc\u51fa\u65f6\u8bbe\u7f6e\u7684\u5bc6\u7801\u3002<\/p>\n<p>\u6216\u8005\u4e5f\u53ef\u4ee5\u9009\u62e9Add a new identity certificate:\uff0c\u7528ASA\u751f\u6210\u79c1\u94a5\u548c\u8bc1\u4e66\u8bf7\u6c42\uff0c\u8fd9\u6837\u5c31\u4e0d\u9700\u8981\u7528\u4e0a\u9762\u7684openssl\u4e86\u3002Key 
Pair\u4e3a\u79c1\u94a5\uff0cASA\u9ed8\u8ba4\u4e3a1024\uff0c\u5efa\u8bae\u70b9\u51fbNew\u65b0\u751f\u6210\u4e00\u4e2a2048\u4f4d\u7684\u79c1\u94a5\uff0c\u586b\u5199\u76f8\u5173\u4fe1\u606f\u7528\u65b0\u7684\u79c1\u94a5\u751f\u6210\u4e00\u4e2a\u8bc1\u4e66\u8bf7\u6c42\u6587\u4ef6\uff0c\u5c06\u8fd9\u4e2acsr\u6587\u4ef6\u53d1\u7ed9CA\uff0cCA\u8fd4\u56de\u8bc1\u4e66\u6587\u4ef6Install\u8fdb\u53bb\u5c31\u597d\u4e86\u3002<\/p>\n<p>\u5b8c\u6210\u4ee5\u4e0a\u6b65\u9aa4\u5c31\u5df2\u7ecf\u5bfc\u5165\u4e86\u65b0\u7684\u8bc1\u4e66\uff0c\u4e0b\u9762\u8fd8\u9700\u8981\u5c06\u8be5\u8bc1\u4e66\u6307\u5b9a\u7ed9\u67d0\u4e00\u4e2a\u7aef\u53e3\u3002\u5728Device Management &#8211; Advanced &#8211; SSL Settings &#8211; Certificates\uff0c\u5c06\u521a\u521a\u5bfc\u5165\u8bc1\u4e66\u7684Trustpoint Name\u6307\u5b9a\u7ed9\u9700\u8981\u7684Interface\u5373\u53ef\u3002\u597d\u4e86\u73b0\u5728\u518d\u767b\u5f55SSL VPN\u5c31\u53d1\u73b0\u662f\u65b0\u7684\u8bc1\u4e66\u4e86\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9996\u5148\u751f\u6210\u79c1\u94a5\u548c\u8bc1\u4e66\u8bf7\u6c42\uff1a openssl genrsa -des3 -out ssl.key 2048 ope 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[13],"tags":[20,25,208],"class_list":["post-402","post","type-post","status-publish","format-standard","hentry","category-cisco","tag-asa","tag-certificate","tag-cisco"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paOwEq-6u","_links":{"self":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/posts\/402","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/comments?post=402"}],"version-history":[{"count":3,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/posts\/402\/revisions"}],"predecessor-version":[{"id":667,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/posts\/402\/revisions\/667"}],"wp:attachment":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/media?parent
=402"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/categories?post=402"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/tags?post=402"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}