Filter
Top Products
41-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 41 Configuring Digital Certificates
Configuring Digital Certificates
Configuring CRLs for a Trustpoint
To use mandatory or optional CRL checking during certificate authentication, you must configure CRLs
for each trustpoint. To configure CRLs for a trustpoint, perform the following steps:
Step 17
serial-number
Example:
hostname/contexta(config-ca-trustpoint)# serial
number JMX1213L2A7
During enrollment, asks the CA to include the ASA
serial number in the certificate.
Step 18
write memory
Example:
hostname/contexta(config)# write memory
Saves the running configuration.
Command Purpose
Command Purpose
Step 1
crypto ca trustpoint trustpoint-name
Example:
hostname (config)# crypto ca trustpoint Main
Enters crypto ca trustpoint configuration mode for
the trustpoint whose CRL configuration you want to
modify.
Note Make sure that you have enabled CRLs
before entering this command. In addition,
the CRL must be available for authentication
to succeed.
Step 2
crl configure
Example:
hostname (config-ca-trustpoint)# crl configure
Enters crl configuration mode for the current
trustpoint.
Tip To set all CRL configuration parameters to
default values, use the default command. At
any time during CRL configuration, reenter
this command to restart the procedure.
Step 3
Do one of the following:
policy cdp
Example:
hostname (config-ca-crl)# policy cdp
Configures retrieval policy. CRLs are retrieved only
from the CRL distribution points specified in
authenticated certificates.
Note SCEP retrieval is not supported by
distribution points specified in certificates.
To continue, go to Step 5.
policy static
Example:
hostname (config-ca-crl)# policy static
Configures retrieval policy. CRLs are retrieved only
from URLs that you configure.
To continue, go to Step 4.