44-13
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 44 Configuring Digital Certificates
Configuring CA Certificate Authentication
Configuring CRL Retrieval Policy
To configure the CRL retrieval policy, perform the following steps:
Step 1 In the ASDM application window, choose Configuration > Site-to-Site VPN > Certificate
Management > CA Certificates > Add to display the Install Certificates dialog box. Then click More
Options.
Step 2 In the Configuration Options for CA Certificates pane, click the CRL Retrieval Policy tab.
Step 3 Check the Use CRL Distribution Point from the certificate check box to direct revocation checking
to the CRL distribution point from the certificate being checked.
Step 4 Check the Use Static URLs configured below check box to list specific URLs to be used for CRL
retrieval. The ASA tries the URLs in the order in which you add them; if retrieval from one URL fails,
it moves on to the next URL in the list.
Step 5 In the Static Configuration area, click Add.
The Add Static URL dialog box appears.
Step 6 In the URL field, enter the static URL to use for distributing the CRLs, and then click OK.
The URL that you entered appears in the Static URLs list.
Step 7 To change the static URL, select it, and then click Edit.
Step 8 To remove an existing static URL, select it, and then click Delete.
Step 9 To change the order in which the static URLs appear, click Move Up or Move Down.
Step 10 Click OK to close this tab. Alternatively, to continue, see the “Configuring CRL Retrieval Methods”
section on page 44-13.
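The retrieval order and fallback behaviour of Steps 3 and 4 as an added Python model (example code, not from the Cisco guide; the URLs, the canned responses and the CDP-before-static ordering are constructed assumptions):

```python
# Added example (not from the Cisco guide): a small model of the CRL retrieval
# policy in Steps 3-4 above, run against constructed URLs and canned responses.
from typing import Callable, List, Optional, Tuple

def build_retrieval_order(cdp_urls: List[str], static_urls: List[str],
                          use_cdp: bool, use_static: bool) -> List[str]:
    """URLs to try, in order, for the two policy check boxes.
    Assumption (not stated on the page): with both boxes checked, the
    certificate's own distribution points come before the static list."""
    order: List[str] = []
    if use_cdp:
        order.extend(cdp_urls)
    if use_static:
        order.extend(static_urls)  # static URLs keep the order they were added in
    return order

def retrieve_crl(order: List[str],
                 fetch: Callable[[str], bytes]) -> Optional[Tuple[str, bytes]]:
    """Try each URL in turn; on an error take the next URL in order.
    Returns (url, crl_bytes) for the first success, or None when every URL
    failed, in which case the revocation check cannot be completed."""
    for url in order:
        try:
            return url, fetch(url)
        except OSError:
            continue
    return None

# Constructed stand-in for the network: the certificate's CDP and the first
# static URL are unreachable; the second static URL answers.
CANNED = {
    "http://crl.cdp.example/ca.crl": ConnectionError("no route to host"),
    "http://crl1.example/ca.crl": ConnectionError("connection refused"),
    "http://crl2.example/ca.crl": b"<constructed DER CRL bytes>",
}

def canned_fetch(url: str) -> bytes:
    """Offline replacement for an HTTP/LDAP CRL download."""
    result = CANNED.get(url, ConnectionError("unknown host"))
    if isinstance(result, Exception):
        raise result
    return result

def example() -> Optional[Tuple[str, bytes]]:
    """Both boxes checked: CDP first, then the static list, with fallback."""
    order = build_retrieval_order(["http://crl.cdp.example/ca.crl"],
                                  ["http://crl1.example/ca.crl",
                                   "http://crl2.example/ca.crl"],
                                  use_cdp=True, use_static=True)
    return retrieve_crl(order, canned_fetch)
```

A None result means no configured source delivered a CRL, so the caller must treat the revocation status as unknown rather than as "not revoked".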
Configuring CRL Retrieval Methods
To configure CRL retrieval methods, perform the following steps:
Step 1 In the ASDM application window, choose Configuration > Site-to-Site VPN > Certificate
Management > CA Certificates > Add to display the Install Certificates dialog box. Then click More
Options.
Step 2 In the Configuration Options for CA Certificates pane, click the CRL Retrieval Methods tab.
Step 3 Choose one of the following three retrieval methods:
• To enable LDAP for CRL retrieval, check the Enable Lightweight Directory Access Protocol
(LDAP) check box. With LDAP, CRL retrieval opens an LDAP session to the named LDAP server,
authenticating with the configured password. The connection uses TCP port 389 by default. Enter the
following required parameters:
– Name
– Password
– Confirm Password
– Default Server (server name)
– Default Port (389)