Configure SSH via GUI; Configure PKI; Certificates and Trust Points; Creating a Key Ring - Cisco Firepower 4110 Preparative Procedures & Operational User Manual

Firepower 4100 series; Firepower 9000 series

Cisco Preparative Procedures & Operational User Guide

4.5.5.2 Configure SSH via GUI

1) Choose Platform Settings > SSH.
2) To enable SSH access to the Firepower chassis, check the Enable SSH check box. To disable SSH access, uncheck the Enable SSH check box.
3) Click Save.

4.5.6 Configure PKI

This section describes how to configure HTTPS and IPsec on the FXOS chassis.
NOTE!
You can change the HTTPS port using Firepower Chassis Manager or the FXOS CLI.
All other HTTPS configuration can only be done using the FXOS CLI.

4.5.6.1 Certificates and Trust Points

HTTPS and IPsec use components of the Public Key Infrastructure (PKI) to establish secure
communications between two devices, such as a client's browser and the FXOS chassis.
Certificates
A certificate is a file containing a device's public key along with signed information about the device's
identity. To merely support encrypted communications, a device can generate its own key pair and its
own self-signed certificate. When a remote user connects to a device that presents a self-signed
certificate, the user has no easy method to verify the identity of the device, and the user's browser will
initially display an authentication warning. By default, FXOS contains a built-in self-signed certificate
containing the public key from the default key ring.
Trust Points
To provide stronger authentication for FXOS, you can obtain and install a third-party certificate from a
trusted source, or trust point, that affirms the identity of your device. The third-party certificate is signed
by the issuing trust point, which can be a root certificate authority (CA) or an intermediate CA or trust
anchor that is part of a trust chain that leads to a root CA. To obtain a new certificate (e.g., for TLS
mutual authentication), you must generate a certificate request through FXOS and submit the request to a
trust point.
IMPORTANT!
The certificate must be in Base 64 encoded X.509 (CER) format.
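
A pre-import check for the two points above, as an added example that is not part of the Cisco guide: it reports whether a certificate file is Base64 (PEM) or binary DER, and whether its issuer and subject names match, which is the case for a self-signed certificate. The function names and result keys are assumptions made for this example, and it compares names only; it does not verify the signature.

```python
# Added example (not from the Cisco guide); all names here are illustrative.
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def issuer_and_subject(der):
    """Return the encoded issuer and subject names of an X.509 certificate."""
    tag, cert, _ = _tlv(der, 0)              # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = _tlv(cert, 0)                # TBSCertificate ::= SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs):
        t, content, pos = _tlv(tbs, pos)
        fields.append((t, content))
    if fields and fields[0][0] == 0xA0:      # optional [0] version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("TBSCertificate has too few fields")
    # Order: serialNumber, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def check_certificate(data):
    """Classify a certificate file (bytes) before submitting it for import."""
    m = PEM_RE.search(data)
    if m:                                    # Base64 body between PEM markers
        encoding = "base64"
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    elif data[:1] == b"\x30":                # raw DER starts with SEQUENCE
        encoding, der = "der", data
    else:
        raise ValueError("neither a PEM nor a DER certificate")
    issuer, subject = issuer_and_subject(der)
    return {"encoding": encoding, "self_issued": issuer == subject}
```

A file reported as `der` does not meet the Base64 requirement stated above and has to be converted before it is used.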

4.5.6.2 Creating a Key Ring

FXOS supports a maximum of 8 key rings, including the default key ring.
1) Enter security mode:
Firepower-chassis# scope security
2) Create and name the key ring:
© 2016 Cisco Systems, Inc. All rights reserved.
