我们将 SSL/TLS 证书加载到 infoblox NIOS 设备中,这是更新/更便宜的证书之一,通常需要中间证书才能在现代网络浏览器中完成真实性验证。
infoblox NIOS 设备服务器不再受支持,文档明确指出支持加载中间证书。但是,它没有具体说明如何实现这一点。尝试将证书和中间件作为 bundle 加载会导致 NIOS 接口(interface)响应证书无效的错误。尝试单独加载证书不起作用,因为它只允许为 HTTPS 接口(interface)加载一个证书。
有人知道如何使用 NIOS 网络界面执行此操作吗?
最佳答案
来自 Infoblox NIOS 管理指南(http://dloads.infoblox.com/direct/appliance/NIOS/NIOS_AdminGuide_8.0.pdf):
When you receive the certificate from the CA, and import it to the appliance, the NIOS appliance finds the matching CSR and takes the private key associated with the CSR and associates it with the newly imported certificate. The appliance then automatically deletes the CSR.
If the CA sends an intermediate certificate that must be installed along with the server certificate, you can upload both certificates to the appliance. The appliance supports the use of intermediate certificates to complete the chain of trust from the server certificate to a trusted root CA. This eliminates intermediate certificate security warnings that appear when you open a web browser and try to connect to an Infoblox appliance.
这很烦人,但似乎每次都必须重新制作一个新的 CSR,然后才能上传证书。我将服务器证书和中间证书放在同一个 .pem 文件中,这似乎有效。
关于ssl - 将中间证书加载到 Infoblox NIOS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36183847/