Cisco Preparative Procedures & Operational User Guide
© 2016 Cisco Systems, Inc. All rights reserved.
4.5.5.2 Configure SSH via GUI
1) Choose Platform Settings > SSH.
2) To enable SSH access to the Firepower chassis, check the Enable SSH check box. To disable SSH
access, uncheck the Enable SSH check box.
3) Click Save.
4.5.6 Configure PKI
This section describes how to configure HTTPS and IPsec on the FXOS chassis.
NOTE! You can change the HTTPS port using Firepower Chassis Manager or the FXOS CLI.
All other HTTPS configuration can only be done using the FXOS CLI.
4.5.6.1 Certificates and Trust Points
HTTPS and IPsec use components of the Public Key Infrastructure (PKI) to establish secure
communications between two devices, such as a client's browser and the FXOS chassis.
Certificates
A certificate is a file containing a device's public key along with signed information about the device's
identity. To merely support encrypted communications, a device can generate its own key pair and its
own self-signed certificate. When a remote user connects to a device that presents a self-signed
certificate, the user has no easy method to verify the identity of the device, and the user's browser will
initially display an authentication warning. By default, FXOS contains a built-in self-signed certificate
containing the public key from the default key ring.
Trust Points
To provide stronger authentication for FXOS, you can obtain and install a third-party certificate from a
trusted source, or trust point, that affirms the identity of your device. The third-party certificate is signed
by the issuing trust point, which can be a root certificate authority (CA), or an intermediate CA or trust
anchor that is part of a trust chain leading to a root CA. To obtain a new certificate (e.g., for TLS
mutual authentication), you must generate a certificate request through FXOS and submit the request to a
trust point.
IMPORTANT! The certificate must be in Base 64 encoded X.509 (CER) format.
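The following is an added example, not part of the Cisco guide: a pre-import check that tells a Base 64 encoded certificate file apart from a binary DER one and converts the latter. The function names are hypothetical and the sample bytes are constructed; only the outer encoding is checked, not the signature or the trust chain.

```python
import base64
import binascii
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_sequence_ok(der: bytes) -> bool:
    """True if `der` is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:          # X.509 starts with SEQUENCE (0x30)
        return False
    first = der[1]
    if first < 0x80:                            # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                            # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def classify_cert_blob(data: bytes) -> str:
    """Return 'base64-x509', 'der-binary', 'pem-corrupt' or 'unknown'."""
    m = PEM_RE.search(data)
    if m:
        try:
            der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except binascii.Error:
            return "pem-corrupt"
        return "base64-x509" if der_sequence_ok(der) else "pem-corrupt"
    return "der-binary" if der_sequence_ok(data) else "unknown"

def to_base64_cer(data: bytes) -> str:
    """Return the certificate as Base64 text, converting binary DER if needed."""
    kind = classify_cert_blob(data)
    if kind == "base64-x509":
        return PEM_RE.search(data).group(0).decode("ascii") + "\n"
    if kind == "der-binary":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError(f"not a usable certificate file: {kind}")

# Constructed placeholder: a SEQUENCE header plus 256 zero bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(classify_cert_blob(SAMPLE_DER))
    print(classify_cert_blob(to_base64_cer(SAMPLE_DER).encode()))
```

A file classified as `pem-corrupt` or `unknown` should be re-exported from the CA rather than edited by hand.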
4.5.6.2 Creating a Key Ring
FXOS supports a maximum of 8 key rings, including the default key ring.
1) Enter security mode:
Firepower-chassis# scope security
2) Create and name the key ring: