Cisco Systems OL-16647-01 Switch User Manual


 
Cisco Security Appliance Command Line Configuration Guide
OL-16647-01
Chapter 33 Configuring Certificates
Identity Certificates Authentication
Add/Install an Identity Certificate
The Identity Certificate panel lets you import an existing identity certificate from a file or add a new
certificate configuration from an existing file.
Click the appropriate option to activate one of the following:
Add Identity Certificate Fields
Assign values to the fields in the Add Identity Certificate dialog box as follows:
To import an identity certificate from an existing file, select Import the identity certificate
from a file and enter the following information:
Decryption Pass Phrase—Specify the passphrase used to decrypt the PKCS12 file.
File to Import From—You can type the pathname of the file in the box or you can click Browse
and search for the file. Browse displays the Load Identity Certificate file dialog box that lets
you navigate to the file containing the certificate.
Adding a new identity certificate requires the following information:
Key Pair—RSA key pairs are required to enroll for identity certificates. The security appliance
supports multiple key pairs.
Key Pair name (in Key Pair > Show window)—Specifies the name of the key pair whose public key
is to be certified.
Generation time (in Key Pair > Show window)—Displays the time of day and the date when the key
pair was generated.
Usage (in Key Pair > Show window)—Displays how an RSA key pair is to be used. There are
two types of usage for RSA keys: general purpose (the default) and special. When you select
Special, the security appliance generates two key pairs, one for signature use and one for
encryption use. This implies that two certificates for the corresponding identity are required.
Modulus Size (bits) (in Key Pair > Show window)—Displays the modulus size of the key
pair(s): 512, 768, 1024, or 2048. The default modulus size is 1024.
Key Data (in Key Pair > Show window)—Indicates the window that contains the specific key
data.
Name (in Key Pair > New window)—Selects a default key pair name, such as
<Default-RSA-Key>, or you can enter a new key pair name.
Size (in Key Pair > New window)—Specifies the default key pair size: 512, 768, 1024 (the
default) or 2048.
Usage (in Key Pair > New window)—Specifies the key pair usage as general purpose or
special.
The Advanced button on the Add Identity Certificate pane lets you establish the following
certificate parameters, enrollment mode, and an optional revocation password for the
device-specific identity certificate:
FQDN (in Advanced > Certificate Parameters)—The Fully Qualified Domain Name (FQDN),
an unambiguous domain name, specifies the position of the node in the DNS tree hierarchy.
E-mail (in Advanced > Certificate Parameters)—The e-mail address associated with the
Identity Certificate.
IP Address (in Advanced > Certificate Parameters)—The security appliance address on the
network in four-part dotted-decimal notation.
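
The dialog fields described above correspond to security appliance CLI commands roughly as follows. This is an added example, not text from the guide; the key pair and trustpoint names, FQDN, e-mail address, IP address and the bracketed secrets are constructed placeholders, and the choice of 2048 bits and terminal enrollment is an assumption made for the example.

```text
! Added example: CLI counterpart of the Add Identity Certificate dialog.
! All names, addresses and secrets below are constructed placeholders.

! Key Pair > New: name, size and usage (general purpose is the default).
! 2048 is the largest modulus size the dialog offers.
crypto key generate rsa label EXAMPLE-KEY modulus 2048

! Usage "special" generates separate signature and encryption key pairs,
! so two certificates are then needed for the identity:
! crypto key generate rsa usage-keys label EXAMPLE-KEY modulus 2048

! Key Pair > Show: name, generation time, usage, modulus size and key data.
show crypto key mypubkey rsa

! Add a new identity certificate: a trustpoint bound to the key pair.
crypto ca trustpoint EXAMPLE-TP
 keypair EXAMPLE-KEY
 ! Advanced > Certificate Parameters
 fqdn asa.example.com
 email admin@example.com
 ip-address 192.0.2.1
 ! Enrollment mode (manual cut-and-paste request in this example)
 enrollment terminal
 ! Optional revocation password
 password <revocation-password>
 exit
crypto ca enroll EXAMPLE-TP

! Import an identity certificate from an existing PKCS12 file instead.
! The last argument is the decryption pass phrase; the CLI then prompts
! for the base64-encoded PKCS12 data, ended by "quit" on its own line.
crypto ca import EXAMPLE-TP2 pkcs12 <pass-phrase>
```

Checking the `show crypto key mypubkey rsa` output after generation confirms that the modulus size and usage recorded on the appliance match what was intended before the enrollment request is sent.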