Cisco Systems OL-16647-01 Switch User Manual


 
Cisco Security Appliance Command Line Configuration Guide
OL-16647-01
Chapter 33 Configuring Certificates
CA Certificate Authentication
Add Button—Add a new certificate configuration to the list. See Add/Install a CA Certificate.
Edit Button—Modify an existing certificate configuration. See Edit CA Certificate Configuration.
Show Details Button—Display the details and issuer information for the selected certificate. See Show CA Certificate Details.
Request CRL Button—Access the Certificate Revocation List (CRL) for an existing CA certificate. See Request CRL.
Delete Button—Remove the configuration of an existing CA certificate. See Delete a CA Certificate.
Apply Button—Save the new or modified CA certificate configuration.
Reset Button—Remove any edits and return the display to the original contents.
Modes
The following table shows the modes in which this feature is available:
Add/Install a CA Certificate
The CA Certificate panel lets you add a new certificate configuration from an existing file, by manually
pasting a certificate, or by automatic enrollment. Click the appropriate option to activate one of the
following:
Install from a File:—To add a certificate configuration from an existing file, enter the path and file name, then click Install Certificate. You can type the pathname of the file in the box or you can click Browse and search for the file. Browse displays the Load CA certificate file dialog box that lets you navigate to the file containing the certificate.
Paste certificate in PEM format:—For manual enrollment, copy and paste the PEM format certificate (base64 or hexadecimal format) into the panel, then click Install Certificate.
Use SCEP:—For automatic enrollment, the security appliance contacts the CA using the Simple Certificate Enrollment Protocol (SCEP), obtains the certificates, and installs them on the device. SCEP is a secure messaging protocol that requires minimal user intervention. SCEP lets you enroll and install certificates using only the VPN Concentrator Manager. To use SCEP, you must enroll with a CA that supports SCEP, and you must enroll via the Internet.
SCEP automatic enrollment requires completion of the following fields:
SCEP URL: HTTP:// Enter the path and file name of the certificate to be automatically installed.
Retry Period: Specify the maximum number of minutes to retry installing a certificate. The default is one minute.
Retry Count: Specify the number of retries for installing a certificate. The default is 0, which indicates unlimited retries within the retry period.
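An installed CA certificate becomes a trust anchor, so it is worth confirming that the text about to be pasted is complete and is the certificate the CA actually issued. The following is an added example, not part of the Cisco guide: it decodes pasted certificate text (base64 PEM or hexadecimal) to DER, rejects damaged or partial pastes, and compares the fingerprint with one published by the CA out of band. The function names and the sample are constructed for illustration, and the sample is a tiny DER structure rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: a 5-byte DER SEQUENCE in PEM armor, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"


def pasted_cert_to_der(text):
    """Decode pasted certificate text (base64 PEM or hex) to DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    compact = re.sub(r"[\s:]", "", body)
    if not compact:
        raise ValueError("no certificate data found")
    try:
        if re.fullmatch(r"[0-9A-Fa-f]+", compact):
            der = bytes.fromhex(compact)
        else:
            der = base64.b64decode(compact, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("paste is damaged or truncated") from exc
    # A certificate is one DER SEQUENCE (tag 0x30) whose encoded length
    # must account for every byte; a mismatch means a partial paste.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:
        total = 2 + der[1]
    else:
        n = der[1] & 0x7F
        total = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if total != len(der):
        raise ValueError("DER length mismatch, paste is incomplete")
    return der


def fingerprint(text, algo="sha256"):
    """Colon-separated digest of the DER bytes, for out-of-band comparison."""
    digest = hashlib.new(algo, pasted_cert_to_der(text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_published(text, published, algo="sha256"):
    """True only if the paste hashes to the fingerprint the CA published."""
    want = re.sub(r"[^0-9A-Fa-f]", "", published).upper()
    got = fingerprint(text, algo).replace(":", "")
    return hmac.compare_digest(got, want)
```

The same fingerprint results whether the certificate was pasted as base64 or as hexadecimal, because the hash is taken over the decoded DER bytes.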
Firewall Mode             Security Context
Routed    Transparent     Single    Multiple
                                    Context    System
•         •               •         •          •