Cisco Systems ASA 5580 Network Router User Manual

Open as PDF

of 2086

44-10

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter 44 Configuring Digital Certificates

Configuring Digital Certificates

This section describes how to configure local CA certificates. Make sure that you follow the sequence

of tasks listed to correctly configure this type of digital certificate. This section includes the following

topics:

• Configuring CA Certificate Authentication, page 44-10

• Configuring CA Certificates for Revocation, page 44-12

• Configuring CRL Retrieval Policy, page 44-13

• Configuring CRL Retrieval Methods, page 44-13

• Configuring OCSP Rules, page 44-14

• Configuring Advanced CRL and OCSP Settings, page 44-15

Configuring CA Certificate Authentication

The CA Certificates pane displays the available certificates, identified by the issued to and issued by CA

server, the date that the certificate expires, the associated trustpoints, and the certificate usage or

purpose. In the CA Certificates pane, you can perform the following tasks:

• Authenticate self-signed or subordinate CA certificates.

• Install CA certificates on the ASA.

• Create a new certificate configuration.

• Edit an existing certificate configuration.

• Obtain a CA certificate manually and import it.

• Have the ASA use SCEP to contact the CA, and then automatically obtain and install the certificate.

• Display details and issuer information for a selected certificate.

• Access the CRL for an existing CA certificate.

• Remove the configuration of an existing CA certificate.

• Save the new or modified CA certificate configuration.

• Discard any changes and return the certificate configuration to the original settings.

This section includes the following topics:

• Adding or Installing a CA Certificate, page 44-10

• Editing or Removing a CA Certificate Configuration, page 44-11

• Showing CA Certificate Details, page 44-12

Adding or Installing a CA Certificate

You can add a new certificate configuration from an existing file, by manually pasting a certificate in

PEM format, or by automatic enrollment using SCEP. SCEP is a secure messaging protocol that requires

minimal user intervention and lets you enroll and install certificates using only the VPN Concentrator

Manager.

To add or install a CA certificate, perform the following steps:

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems ASA 5580 Network Router User Manual