Cisco Security Appliance Command Line Configuration Guide
OL-16647-01
Chapter 33 Configuring Certificates
Manage User Certificates
The Local CA server handles certificate renewal, reissues user certificates, maintains the Certificate
Revocation List (CRL), and revokes or restores user privileges as needed. In the Manage User Certificates
window, you can select specific certificates by username or by certificate serial number and change the
certificate status (revoked or unrevoked).
Whenever you change a certificate's status, verify that the CRL has been updated to reflect the change. A
relying party that performs revocation checking sees only what the published CRL says, not what the
certificate database says, so a status change that is not in the CRL has no effect on access.
To change certificate status, see Revoking a Local CA Certificate and Unrevoking a Local CA
Certificate.
Revoking a Local CA Certificate
The Local CA server keeps track of the lifetime of every user certificate and e-mails renewal notices
when they are due. If a user's certificate expires without being renewed, that user's access is revoked: the
Local CA marks the certificate as revoked in the certificate database, updates the certificate information,
and automatically reissues the CRL. To revoke a certificate before it expires, select it in the Manage User
Certificates window and change its status to revoked; the database and CRL are updated in the same way.
Unrevoking a Local CA Certificate
A revoked user certificate can have its privileges restored, and the user is notified by e-mail. Select the
revoked user's certificate and click Unrevoke to restore access. The Local CA marks the certificate as
unrevoked in the certificate database, updates the certificate information, and reissues an updated CRL.
Note that relying parties which cached the previous CRL continue to treat the certificate as revoked until
that CRL reaches its next-update time and they fetch the new one.
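The following script is an added example, not Cisco's code and not part of this guide. It stands up a throwaway OpenSSL CA in place of the ASA Local CA and walks through the sequence the two sections above describe: enroll a user certificate, revoke it, reissue the CRL, check the certificate against the published CRL the way a relying party would, and then unrevoke it and reissue the CRL again. The CA name, the usernames jdoe and asmith, the configuration file and every path are constructed for the demo. OpenSSL's `ca` command has no unrevoke operation, so the script edits the CA's index file directly to flip the entry back to valid; that is an assumption about how to emulate the Unrevoke button, not how the ASA implements it.

```shell
#!/bin/sh
# Added example (not Cisco's): an OpenSSL CA standing in for the ASA Local CA,
# used to show revoke -> CRL reissue -> relying-party check -> unrevoke.
# All names, files and paths below are constructed for this demo.
set -e

WORK=$(mktemp -d)
cd "$WORK"

# Minimal openssl.cnf for `openssl ca`. index.txt is the certificate database,
# the analogue of the Local CA's user/certificate database.
setup_ca() {
    mkdir -p ca/newcerts
    : > ca/index.txt
    echo 1000 > ca/serial
    echo 01 > ca/crlnumber
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca       = local_ca
[ local_ca ]
dir              = ./ca
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
certificate      = ./ca.crt
private_key      = ./ca.key
serial           = $dir/serial
crlnumber        = $dir/crlnumber
default_md       = sha256
default_days     = 365
default_crl_days = 7
policy           = any_policy
x509_extensions  = user_ext
[ any_policy ]
commonName       = supplied
[ user_ext ]
basicConstraints = CA:FALSE
[ req ]
distinguished_name = req_dn
x509_extensions  = ca_ext
[ req_dn ]
commonName       = Common Name
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config ca.cnf \
        -subj "/CN=Local CA" -keyout ca.key -out ca.crt 2>/dev/null
    regen_crl
}

# Publish a fresh CRL from the current database. The ASA does this automatically
# after a status change; with openssl it is an explicit step.
regen_crl() {
    openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
}

# Enroll a user: issue a certificate whose CN is the username ($1).
issue_user() {
    openssl req -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl ca -batch -config ca.cnf -in "$1.csr" -out "$1.crt" 2>/dev/null
}

# Revoke the user's certificate and reissue the CRL so the change is visible.
revoke_user() {
    openssl ca -config ca.cnf -revoke "$1.crt" 2>/dev/null
    regen_crl
}

# openssl has no "unrevoke": flip the index entry for this serial from R back
# to V, clear its revocation date, and reissue the CRL (assumed emulation).
unrevoke_user() {
    serial=$(openssl x509 -in "$1.crt" -noout -serial | cut -d= -f2)
    awk -F'\t' -v OFS='\t' -v s="$serial" \
        '$1 == "R" && $4 == s { $1 = "V"; $3 = "" } { print }' \
        ca/index.txt > ca/index.txt.new
    mv ca/index.txt.new ca/index.txt
    regen_crl
}

# Relying-party check: "valid" or "revoked" according to the CRL as published,
# not according to the CA's database. Any other failure is reported as an error.
cert_status() {
    out=$(openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem "$1.crt" 2>&1) \
        && { echo valid; return; }
    case "$out" in
        *"certificate revoked"*) echo revoked ;;
        *) echo "error: $out" ;;
    esac
}

# Serial numbers currently listed in the published CRL, for auditing.
crl_serials() {
    openssl crl -in crl.pem -noout -text | awk '/Serial Number:/ { print $3 }'
}

setup_ca
issue_user jdoe
echo "after enrollment: $(cert_status jdoe)"
revoke_user jdoe
echo "after revoke:     $(cert_status jdoe)"
echo "CRL now lists:    $(crl_serials)"
unrevoke_user jdoe
echo "after unrevoke:   $(cert_status jdoe)"
```

Against a real ASA the same check is `openssl verify -crl_check` with the Local CA certificate as -CAfile and the CRL the ASA publishes as -CRLfile; the answer comes only from that published CRL, which is why the guide tells you to confirm the CRL after every status change.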
Manage User Database
The Local CA user database contains user identification information and the status of each user in the
system (enrolled, allowed, revoked, and so on). In the Manage User Database window, you can add new
users, select specific users by username to edit their information, and delete existing users together with
their certificates. Whenever you add a user or modify any user's status, the Local CA automatically
updates the CRL to reflect the latest changes.
To add a user to the Local CA database, see Add a Local CA User.
To change user identification information for an existing user, see Edit a Local CA User.
To remove a user from the database, see Delete a Local CA User.
To change the enrollment status of a user, see Allow Enrollment.
To e-mail One-Time Passwords (OTPs) to a user, see Email OTP.
To view or regenerate an OTP, see View/Re-generate OTP.
Add a Local CA User
The Add button lets you enter a new user into the Local CA database. Each new user entered into the
database must have a predefined username, e-mail address, and subject name.
Local CA Add User
Fields
Username: Enter a valid username; this is the name used to select the user elsewhere in the Local CA.
Email: Specify an existing, valid e-mail address; enrollment OTPs and renewal notices are sent here.
Subject: Enter the user's subject name, the subject DN that will appear in the user's certificate.