Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 33 Configuring Certificates
Identity Certificates Authentication
• Disable nonce extension—By default the OCSP request includes the nonce extension, which
  cryptographically binds requests with responses to avoid replay attacks. It works by matching
  the extension in the request to that in the response, ensuring that they are the same. Disable the
  nonce extension if the OCSP server you are using sends pre-generated responses that do not
  contain this matching nonce extension.
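
The nonce matching described above, modeled in Python as an added example (it is not Cisco code and not part of the original guide). OcspResponse, validate() and the sample values are hypothetical; the model assumes the response signature has already been verified and that, with the nonce check disabled, freshness rests on the thisUpdate/nextUpdate window alone.

```python
# Added example: simplified model of OCSP nonce matching; not ASA or ASDM code.
from __future__ import annotations
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class OcspResponse:
    """Hypothetical stand-in for a parsed, signature-checked OCSP response."""
    cert_status: str        # "good" or "revoked"
    this_update: datetime   # thisUpdate / nextUpdate fields (RFC 6960)
    next_update: datetime
    nonce: bytes | None     # None when the responder omits the nonce extension

def validate(request_nonce: bytes, resp: OcspResponse, now: datetime,
             nonce_disabled: bool = False) -> tuple[bool, str]:
    """Decide whether the response is fresh enough to trust its cert_status."""
    # Assumption: the validity window is checked whether or not nonces are used.
    if not (resp.this_update <= now < resp.next_update):
        return False, "outside validity window"
    if nonce_disabled:
        return True, "accepted on validity window only"
    if resp.nonce is None:
        return False, "nonce missing"
    if not hmac.compare_digest(request_nonce, resp.nonce):
        return False, "nonce mismatch"
    return True, "nonce matched"

def demo() -> dict[str, tuple[bool, str]]:
    # Constructed sample data: fixed clock, responses valid for 24 hours.
    now = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
    start, end = now - timedelta(hours=6), now + timedelta(hours=18)
    old_nonce, fresh_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    live = OcspResponse("revoked", start, end, fresh_nonce)  # echoes our nonce
    replayed = OcspResponse("good", start, end, old_nonce)   # stale answer to an earlier request
    pregenerated = OcspResponse("good", start, end, None)    # signed in advance, no nonce
    return {
        "live": validate(fresh_nonce, live, now),
        "replayed": validate(fresh_nonce, replayed, now),
        "replayed, nonce disabled": validate(fresh_nonce, replayed, now, True),
        "pregenerated": validate(fresh_nonce, pregenerated, now),
        "pregenerated, nonce disabled": validate(fresh_nonce, pregenerated, now, True),
    }

if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:30} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

In this model, disabling the nonce check lets the pre-generated response through, and it also lets the replayed "good" response through until its validity window ends.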
Validation Policy
• Specify the type of client connections that can be validated by this CA—Click SSL or IPSec
  to restrict the type of remote session this CA can be used to validate, or click SSL and IPSec to
  let the CA validate both types of sessions.
Other Options
• Accept certificates issued by this CA—Specify whether or not the security appliance should
  accept certificates from CA Name.
• Accept certificates issued by the subordinate CAs of this CA
Identity Certificates Authentication
An Identity Certificate can be used to authenticate VPN access through the security appliance. Click the
SSL Settings or the IPsec Connections links on the Identity Certificates panel for additional
configuration information.
The Identity Certificates Authentication panel allows you to:
• Add an Identity Certificate. See Add/Install an Identity Certificate.
• Display details of an Identity Certificate. See Show Identity Certificate Details.
• Delete an existing Identity Certificate. See Delete an Identity Certificate.
• Export an existing Identity Certificate. See Export an Identity Certificate.
• Install an Identity Certificate. See Installing Identity Certificates.
• Enroll for a certificate with Entrust. See Generate