44-12
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 44 Configuring Digital Certificates
Configuring CA Certificate Authentication
• “Configuring Advanced CRL and OCSP Settings” section on page 44-15
Step 2 To remove a CA certificate configuration, select it, and then click Delete.
Note After you delete a certificate configuration, it cannot be restored. To recreate the deleted
certificate, click Add to reenter all of the certificate configuration information.
Showing CA Certificate Details
To show detailed information about the selected CA certificate, click Show Details to display the
Certificate Details dialog box, which includes the following three display-only tabs:
• The General tab displays the values for type, serial number, status, usage, public key type, CRL
distribution point, the times within which the certificate is valid, and associated trustpoints. The
values apply to both available and pending status.
• The Issued to tab displays the X.500 fields of the subject DN or certificate owner and their values.
The values apply only to available status.
• The Issued by tab displays the X.500 fields of the entity granting the certificate. The values apply
only to available status.
Configuring CA Certificates for Revocation
To configure CA certificates for revocation, perform the following steps:
Step 1 In the ASDM application window, choose Configuration > Site-to-Site VPN > Certificate
Management > CA Certificates > Add to display the Install Certificates dialog box. Then click More
Options.
Step 2 In the Configuration Options for CA Certificates pane, click the Revocation Check tab.
Step 3 To disable revocation checking of certificates, click the Do not check certificates for revocation radio
button.
Step 4 To select one or more revocation checking methods (CRL or OCSP), click the Check certificates for
revocation radio button.
Step 5 In the Revocation Methods area, available methods appear on the left. Click Add to move a method to
the right and make it available. Click Move Up or Move Down to change the method order.
The methods that you choose are implemented in the order in which you add them. If a method returns
an error, the next revocation checking method activates.
Step 6 Check the Consider certificate valid if revocation checking returns errors check box to ignore
revocation checking errors during certificate validation.
Step 7 Click OK to close the Revocation Check tab. Alternatively, to continue, see the “Configuring CRL
Retrieval Policy” section on page 44-13.