Cisco ASDM User Guide
OL-16647-01
Chapter 33 Configuring Certificates
CA Certificate Authentication
OCSP Rules Fields
• Certificate Map—Displays the name of the certificate map to match to this OCSP rule. Certificate
maps match user permissions to specific fields in a certificate. You must configure the certificate
map before you configure OCSP rules.
• Certificate—Displays the name of the CA the security appliance uses to validate responder
certificates.
• Index—Displays the priority number for the rule. The security appliance examines OCSP rules in
priority order, and applies the first one that matches.
• URL—Specifies the URL for the OCSP server for this certificate.
• Add—Click to add a new OCSP rule.
• Edit—Click to edit an existing OCSP rule.
• Delete—Click to delete an OCSP rule.
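The first-match behavior of the Index field, shown as an added example (not taken from the Cisco guide or from ASDM). It models a certificate map as a simplified, hypothetical "field contains substring" check, and reports rules that a broader, lower-index rule keeps from ever being applied. All rule names, URLs and certificate fields are constructed.

```python
from dataclasses import dataclass

@dataclass
class OcspRule:
    index: int        # priority number; lower values are examined first
    cert_map: dict    # simplified stand-in for a certificate map: field -> substring
    ca_name: str      # CA used to validate the responder certificate
    url: str          # OCSP server URL for certificates matching this rule

def map_matches(cert_map, cert_fields):
    """True when every field named in the map contains the required substring."""
    return all(needle.lower() in cert_fields.get(field, "").lower()
               for field, needle in cert_map.items())

def select_rule(rules, cert_fields):
    """Return the first matching rule in ascending index order, or None."""
    for rule in sorted(rules, key=lambda r: r.index):
        if map_matches(rule.cert_map, cert_fields):
            return rule
    return None

def never_selected(rules, sample_certs):
    """Indexes of rules that no sample certificate ever reaches."""
    hit = set()
    for cert in sample_certs:
        rule = select_rule(rules, cert)
        if rule is not None:
            hit.add(rule.index)
    return sorted(r.index for r in rules if r.index not in hit)

# Constructed sample data: rule 10 is broad and sits ahead of the narrower rule 20.
RULES = [
    OcspRule(10, {"issuer_o": "Example"}, "ca-corp", "http://ocsp.example.test/corp"),
    OcspRule(20, {"issuer_o": "Example", "subject_ou": "VPN"}, "ca-vpn",
             "http://ocsp.example.test/vpn"),
    OcspRule(30, {"issuer_o": "Partner"}, "ca-partner", "http://ocsp.partner.test/"),
]
SAMPLE_CERTS = [
    {"issuer_o": "Example Corp", "subject_ou": "VPN Users"},
    {"issuer_o": "Example Corp", "subject_ou": "Finance"},
    {"issuer_o": "Partner Ltd", "subject_ou": "Contractors"},
]

if __name__ == "__main__":
    for cert in SAMPLE_CERTS:
        rule = select_rule(RULES, cert)
        print(cert["subject_ou"], "->", rule.url if rule else "no rule matched")
    print("never selected:", never_selected(RULES, SAMPLE_CERTS))
```

Giving the narrower rule the lower index (swapping 10 and 20) sends the VPN certificate to the VPN responder while the broad rule still catches the rest.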
Advanced Configuration Options
The Advanced tab lets you specify CRL and OCSP options. When a certificate is issued, it is valid for
a fixed period of time. Sometimes a CA revokes a certificate before this time period expires; for example,
due to security concerns or a change of name or association. CAs periodically issue a signed list of
revoked certificates. Enabling revocation checking forces the security appliance to check that the CA has
not revoked the certificate being verified.