Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
44-23
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 44 Configuring Digital Certificates
Authenticating Using the Local CA
Step 3 In the Certificate Format area, to use the public key cryptography standard, which can be base64 encoded
or in hexadecimal format, click the PKCS12 format radio button. Otherwise, click the PEM format
radio button.
Step 4 Click Browse to display the Export ID Certificate File dialog box to find the file to which you want to
export the certificate configuration.
Step 5 Select the file and click Export ID Certificate File.
The selected certificate file appears in the Export Certificate dialog box.
Step 6 Enter the passphrase used to decrypt the PKCS12 format file for export.
Step 7 Confirm the decryption passphrase.
Step 8 Click Export Certificate to export the certificate configuration.
What to Do Next
See the “Authenticating Using the Local CA” section on page 44-23.
Authenticating Using the Local CA
The local CA provides a secure, configurable in-house authority that resides on the ASA for certificate
authentication to use with browser-based and client-based SSL VPN connections.
Users enroll by logging in to a specified website. The local CA integrates basic certificate authority
operations on the ASA, deploys certificates, and provides secure revocation checking of issued
certificates.
The local CA lets you perform the following tasks:
Configure the local CA server.
Revoke and unrevoke local CA certificates.
Update CRLs.
Add, edit, and delete local CA users.
This section includes the following topics:
Configuring the Local CA Server, page 44-23
Deleting the Local CA Server, page 44-26
Configuring the Local CA Server
To configure a local CA server on the ASA, perform the following steps:
Step 1 Choose Configuration > Remote Access VPN > Certificate Management > Local Certificate
Authority > CA Server.
Step 2 To activate the local CA server, check the Enable Certificate Authority Server check box. The default
setting is disabled (unchecked). After you enable the local CA server, the ASA generates the local CA
server certificate, key pair, and necessary database files, then archives the local CA server certificate and
key pair in a PKCS12 file.