购买或续订
购买或续订
Umbrella 发布说明和公告现已在 Cisco 社区发布!点击查看详情。
取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
搜索替代 
您的意思是: 
cancel
创建新文章
159
查看次数
0
有帮助
0
评论

导入 PEM 格式证书

Masaki Yamauchi
Cisco Employee
Cisco Employee

发布时间 ‎12-28-2025 05:13 PM

Secure Email Gateway (SEG) 允许您通过图形用户界面 (GUI) 导入 PKCS#12 格式的证书,但导入 PEM 格式的证书则需要使用命令行界面 (CLI)。以下示例演示了如何粘贴并导入 PEM 格式的证书、私钥和中间证书。

esa.example.com > certconfig


Choose the operation you want to perform:
- CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles
- CERTAUTHORITY - Manage System and Customized Authorities
- CRL - Manage Certificate Revocation Lists
[]> certificate

List of Certificates
Name Common Name Issued By Status Remaining FQDN compliance checked
--------- -------------------- -------------------- ------------- --------- -----------------------
Cisco ESA Cisco ESA Certificat Cisco ESA Certificat Valid 834 days No

Choose the operation you want to perform:
- IMPORT - Import a certificate from a local PKCS#12 file
- PASTE - Paste a certificate into the CLI
- NEW - Create a self-signed certificate and CSR
- EDIT - Update certificate or view the signing request
- EXPORT - Export a certificate
- DELETE - Remove a certificate
- PRINT - View certificates assigned to services
[]> paste

Enter a name for this certificate profile:
> test certificate

Paste public certificate in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIFTjCCAzagAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCSlAx
DjAMBgNVBAgMBVRva3lvMQ4wDAYDVQQKDAVDaXNjbzEMMAoGA1UECwwDVEFDMSEw
HwYDVQQDDBhUQUMgVGVzdCBJbnRlcm1lZGlhdGUgQ0EwHhcNMjUwNzIxMDQyOTM5
WhcNMjYwNzMxMDQyOTM5WjBWMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8x
DjAMBgNVBAoMBUNpc2NvMQwwCgYDVQQLDANUQUMxGTAXBgNVBAMMEGVzYTEuZXhh
- snip -
DG23/5yJ55MZAOrCyvUM0dgjA2PtijhXi361efT4cPBtjC5O0/IN0KvCn2Qd1qgB
Y3RYM+SizJ3LV2Gi+W4UYUqld6L7V2uoN/AM2XdnP2bvnsVlJFkjzeNU+h0ZVAfu
/0HpATIbU0FB50b+7f9endkspdFH4c2gDCG/MZM+/pgNN26LnXk/FgItfG+fzKuh
T4o95/yR5sDvrhbsA1oHvfIhDfPuVx/KNszr/4+nZmSD5/tej0RNeb/8awtNgBmj
42BqJDkXkCPJu6u8B5W4WOGz
-----END CERTIFICATE-----
.
C=JP,ST=Tokyo,O=Cisco,OU=TAC,CN=esa.example.com

Paste private key in PEM format (end with '.'):
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAuePg7Shnl19q4NvXlN/s/4xvY7EHkgbGXc4jO4aGUnm7xR4y
qxavff4FUMLkbuRjhjq9KhJYWhEQtX3sqYfNWLYOhHG453/RuZyples58rBcWgoL
EEF3EHZ4vGFdVbbNKYcTkhc48HDGNZQi2wz9CZVIi6Q8sig8Ekb2QMnLLTgRsYSc
BGmqU9+9IVOCEJnt2yLudeX33WBtVb7ZsHaceGUi2RIaXU8cw0RG2BZocNYYRmFP
HIBjXq5xnuVmD10/e3vgwiFCK3PZGyv8JWAt6m2vHC/wYvFQEUz/xCeed3xTAOfX
- snip -
9QF1VWbsG6gLO0+j3RLMSqFb/rwQzXa+4wydjpJ06Q4Fv2b+tqwrrILqtGhWj8Ht
hlVYNOdrOcn7DBbFCW8OH6956tb98zim+tbjNEIOBgQO7kzQqjJ4UsLn06QLNO/Z
t89EQQKBgFK/oP8yjxWoc91GnNfefDDtFAz63DwYAffydTeqs2M9e9+D73CJ3CNO
r1p/G0/RdsWrDRAvm4pyFZrRaatFFO2mr0b0kTemsGbekIJRPgby5IWkrlZYnp5J
hfwBFQ2ne7IuP3AveO1UmpfJ9tq3iB+D6Ik3tjMl+TXW161g9nyE
-----END RSA PRIVATE KEY-----
.

Do you want to add an intermediate certificate? [N]> y

Paste intermediate certificate in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIFljCCA36gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCSlAx
DjAMBgNVBAgMBVRva3lvMQ4wDAYDVQQKDAVDaXNjbzEMMAoGA1UECwwDVEFDMRkw
FwYDVQQDDBBUQUMgVGVzdCBSb290IENBMB4XDTI1MDcyMTAzMTUxNVoXDTM1MDcx
OTAzMTUxNVowXjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMQ4wDAYDVQQK
DAVDaXNjbzEMMAoGA1UECwwDVEFDMSEwHwYDVQQDDBhUQUMgVGVzdCBJbnRlcm1l
- snip -
cJuWngR525eOd+DwFiyp0ue50pINoUP0EcXDMcP9ExC6sXIZTe7WifKIEUI4nYIc
ISPiOTWLmx7R8HpmzEAAn+C7IyIa1Q9GnKddEVqmneG34Jx9pdzNpS/zGrb4YTp2
O9BSZbSMjleNOPE2Qgga4n+xS7BP/OXLaZaZDs0dkqFzJI32k2WsbtZ44e3x6SkT
in+Rw+ocbeUBsZXN2Pu4w7MwtWlL8vLATr4dP2NcwZXiPQmqG586MqaAxMK7YJdP
Y3vbp24fL6/MtqH8c/RD2Y9vY37B0yRfvu7jt5iy5/66867pAYX0IBE7
-----END CERTIFICATE-----
.
C=JP,ST=Tokyo,O=Cisco,OU=TAC,CN=TAC Test Intermediate CA

Do you want to add another intermediate certificate? [N]>

Would you like to remove an intermediate certificate? [N]>

Do you want to check if Common Name is in Fully Qualified Domain Name(FQDN) format ? [N]>

List of Certificates
Name Common Name Issued By Status Remaining FQDN compliance checked
--------- -------------------- -------------------- ------------- --------- -----------------------
test cert esa.example.com TAC Test Intermediat Valid 374 days No
Cisco ESA Cisco ESA Certificat Cisco ESA Certificat Valid 834 days No

Choose the operation you want to perform:
- IMPORT - Import a certificate from a local PKCS#12 file
- PASTE - Paste a certificate into the CLI
- NEW - Create a self-signed certificate and CSR
- EDIT - Update certificate or view the signing request
- EXPORT - Export a certificate
- DELETE - Remove a certificate
- PRINT - View certificates assigned to services
[]>


Choose the operation you want to perform:
- CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles
- CERTAUTHORITY - Manage System and Customized Authorities
- CRL - Manage Certificate Revocation Lists
[]>

esa.example.com> commit

Please enter some comments describing your changes:
[]> test cert imported

Do you want to save the current configuration for rollback? [Y]>

Changes committed: Mon Jul 21 13:34:06 2025 JST
esa.example.com>

 

标签:
0 有帮助
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接

浏览社区快速链接并以您的母语获取个性化内容:

向其他专家提问 分享想法或新闻 观看我们的所有视频视频
Customers Also Viewed These Support Documents