Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 44 Configuring Digital Certificates
Configuring Identity Certificates Authentication
What to Do Next
See the “Configuring Identity Certificates Authentication” section on page 44-16.
Configuring Identity Certificates Authentication
An identity certificate can be used to authenticate VPN access through the ASA. In the Identity
Certificates Authentication pane, you can perform the following tasks:
• Add or import a new identity certificate.
• Display details of an identity certificate.
• Delete an existing identity certificate.
• Export an existing identity certificate.
• Install an existing identity certificate.
• Enroll for an identity certificate with Entrust.
This section includes the following topics:
• Adding or Importing an Identity Certificate
• Showing Identity Certificate Details
• Deleting an Identity Certificate
• Exporting an Identity Certificate
• Generating a Certificate Signing Request
• Installing Identity Certificates
Adding or Importing an Identity Certificate
To add or import a new identity certificate configuration, perform the following steps:
Step 1 In the main ASDM application window, choose Configuration > Remote Access VPN > Certificate Management > Identity Certificates.
Step 2 Click Add.
The Add Identity Certificate dialog box appears, with the selected trustpoint name displayed at the top.
Step 3 To import an identity certificate from an existing file, click the Import the identity certificate from a file (PKCS12 format with Certificate(s) + Private Key) radio button.
Step 4 Enter the passphrase used to decrypt the PKCS12 file.
Step 5 Enter the path name of the file, or click Browse to display the Import ID Certificate File dialog box. Find the certificate file, and then click Import ID Certificate File.
Step 6 To add a new identity certificate, click the Add a new identity certificate radio button.
Step 7 Click New to display the Add Key Pair dialog box.
Step 8 To use the default key pair name, click the Use default keypair name radio button.
Step 9 To use a new key pair name, click the Enter a new key pair name radio button, and type the new name.
The ASA supports multiple key pairs.
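
Steps 3 to 5 import a PKCS12 file that must hold both the identity certificate and its private key, protected by a passphrase. The following added example (not part of the Cisco guide) checks a bundle with the OpenSSL command-line tool before it is imported; the P12_PASS variable, the function names, and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Cisco guide: sanity-check a PKCS12 identity
# bundle before importing it. The passphrase is read from the P12_PASS
# environment variable so it never appears in the process list.

# Returns 0 = certificate and matching private key present,
#         1 = not a PKCS12 file or wrong passphrase,
#         2 = identity certificate or private key missing,
#         3 = private key does not belong to the certificate.
check_p12() {
    p12=$1
    # The MAC check fails here when the passphrase is wrong.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -noout 2>/dev/null || return 1
    # Public key of the identity (end-entity) certificate in the bundle.
    cert_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null) || return 2
    # Public key derived from the private key; piped so the decrypted key
    # is never written to disk.
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 3
}

# Builds constructed sample bundles in directory $1 (hypothetical names):
# id.p12 holds a self-signed certificate plus key, certonly.p12 has no key.
make_sample_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=asa-example.invalid" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -out "$d/id.p12" -passout env:P12_PASS || return 1
    openssl pkcs12 -export -nokeys -in "$d/cert.pem" \
        -out "$d/certonly.p12" -passout env:P12_PASS
}

# Demo on constructed data only.
P12_PASS='constructed-passphrase'; export P12_PASS
demo_dir=$(mktemp -d)
make_sample_p12 "$demo_dir"
check_p12 "$demo_dir/id.p12" && echo "id.p12: ready to import"
check_p12 "$demo_dir/certonly.p12" || echo "certonly.p12: rejected, code $?"
rm -rf "$demo_dir"
```

A return code of 1 or 2 corresponds to an import that would fail at Step 4 (wrong passphrase) or deliver a certificate without a usable private key.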