Cisco Systems ASA 5580 Network Router User Manual
44-14
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 44 Configuring Digital Certificates
Configuring CA Certificate Authentication
To enable HTTP for CRL retrieval, check the Enable HTTP check box.
To enable SCEP for CRL retrieval, check the Enable Simple Certificate Enrollment Protocol (SCEP) check box.
Step 4 Click OK to close this tab. Alternatively, to continue, see the “Configuring OCSP Rules” section on page 44-14.
Configuring OCSP Rules
The ASA examines OCSP rules in priority order and applies the first one that matches. OCSP is an alternative to CRLs for checking the revocation status of X.509 digital certificates.
Note Make sure that you have configured a certificate map before you try to add OCSP rules. If a certificate map has not been configured, an error message appears. To configure a certificate map, choose Configuration > Site-to-Site VPN > Advanced > Certificate to Connection Profile Maps > Rules > Add.
To configure OCSP rules for obtaining the revocation status of an X.509 digital certificate, perform the following steps:
Step 1 In the ASDM application window, choose Configuration > Site-to-Site VPN > Certificate Management > CA Certificates > Add to display the Install Certificates dialog box. Then click More Options.
Step 2 In the Configuration Options for CA Certificates pane, click the OCSP Rules tab.
Step 3 Choose the certificate map to match to this OCSP rule. Certificate maps match user permissions to specific fields in a certificate. The name of the CA that the ASA uses to validate responder certificates appears in the Certificate field. The priority number for the rule appears in the Index field. The URL of the OCSP server for this certificate appears in the URL field.
Step 4 To add a new OCSP rule, click Add.
The Add OCSP Rule dialog box appears.
Step 5 Choose the certificate map to use from the drop-down list.
Step 6 Choose the certificate to use from the drop-down list.
Step 7 Enter the priority number for the rule.
Step 8 Enter the URL of the OCSP server for this certificate.
Step 9 When you are done, click OK to close this dialog box.
The newly added OCSP rule appears in the list.
Step 10 To edit an existing OCSP rule, select it, and then click Edit.
Step 11 To delete an OCSP rule, select it, and then click Delete.
Step 12 Click OK to close this tab. Alternatively, to continue, see the “Configuring Advanced CRL and OCSP Settings” section on page 44-15.
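The selection logic the procedure above configures, as an added model (not Cisco code): each OCSP rule ties a certificate map to a responder URL, a CA trustpoint and an Index priority, and the ASA applies the first rule, in Index order, whose map matches the certificate. The map criteria, rule values and sample certificates below are constructed for illustration.

```python
"""Model of OCSP rule selection by priority index (added example, not Cisco code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class CertificateMap:
    """A certificate map: every criterion must equal the certificate's field."""
    name: str
    criteria: Dict[str, str]  # e.g. {"subject.OU": "Engineering"}; empty map matches all

    def matches(self, cert_fields: Dict[str, str]) -> bool:
        return all(cert_fields.get(k) == v for k, v in self.criteria.items())


@dataclass
class OcspRule:
    cert_map: CertificateMap  # map chosen in Step 5
    ca: str                   # CA used to validate responder certificates (Step 6)
    index: int                # priority number (Step 7); lower index is examined first
    url: str                  # OCSP server URL (Step 8)


def select_ocsp_rule(rules: List[OcspRule], cert_fields: Dict[str, str]) -> Optional[OcspRule]:
    """Return the first rule, in ascending Index order, whose map matches; None if none does."""
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.cert_map.matches(cert_fields):
            return rule
    return None


# Constructed sample configuration (hypothetical names and URLs).
ENG_MAP = CertificateMap("eng-map", {"subject.OU": "Engineering"})
ANY_MAP = CertificateMap("any-map", {})  # catch-all map
RULES = [
    # Deliberately listed out of priority order: selection sorts by Index, not list position.
    OcspRule(ANY_MAP, "corp-ca", 20, "http://ocsp.example.net/default"),
    OcspRule(ENG_MAP, "corp-ca", 10, "http://ocsp.example.net/eng"),
]
ENG_CERT = {"subject.CN": "alice", "subject.OU": "Engineering"}
SALES_CERT = {"subject.CN": "bob", "subject.OU": "Sales"}

if __name__ == "__main__":
    for cert in (ENG_CERT, SALES_CERT):
        rule = select_ocsp_rule(RULES, cert)
        print(cert["subject.CN"], "->", rule.url if rule else "no matching OCSP rule")
```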