Cisco ASDM User Guide
OL-16647-01
Chapter 33 Configuring Certificates
Identity Certificates Authentication
– Name (in Key Pair > New window)—Selects a default key pair name, such as <Default-RSA-Key>, or you can enter a new key pair name.
– Size (in Key Pair > New window)—Specifies the default key pair size: 512, 788, 1024 (the default) or 2048.
– Usage (in Key Pair > New window)—Specifies the key pair usage as general purpose or special.
• The Advanced button on the Add Identity Certificate pane lets you establish the following certificate parameters, enrollment mode, and an optional revocation password for the device-specific identity certificate:
– FQDN (in Advanced > Certificate Parameters)—The Fully Qualified Domain Name (FQDN), an unambiguous domain name, specifies the position of the node in the DNS tree hierarchy.
– E-mail (in Advanced > Certificate Parameters)—The e-mail address associated with the Identity Certificate.
– IP Address (in Advanced > Certificate Parameters)—The security appliance address on the network in four-part dotted-decimal notation.
– The check box Include serial number of the device allows you to add the security appliance serial number to the certificate parameters.
– The Advanced > Enrollment Mode allows you to select either manual enrollment (Request by manual enrollment) or enrollment by CA (Request from a CA), which requires the following information:
– Enrollment URL (SCEP): HTTP:// Enter the path and file name of the certificate to be automatically installed.
– Retry Period: Specify the maximum number of minutes to retry installing an Identity certificate. The default is one minute.
– Retry Count: Specify the number of retries for installing an Identity certificate. The default is 0, which indicates unlimited retries within the retry period.
• In the Add Identity Certificate pane, enter the following Certificate Subject DN information:
– Certificate Subject DN—Specify the certificate subject-name DN to form the DN in the Identity certificate, and click the Select... button to add DN attributes in the Certificate Subject DN pane.
– Attribute: (in Certificate Subject DN > Select window)—Select one or more DN attributes from the pull-down menu. Selectable X.500 fields of attributes for the Certificate Subject DN are:
Certificate Subject DN Attributes
CN = Common Name
OU = Department
O = Company Name
C = Country
ST = State/Province
L = Location
EA = E-mail Address
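
The following security appliance CLI configuration is an added example, not taken from this guide. It shows how the key pair, certificate parameter, enrollment mode, and subject DN fields described above map to a trustpoint definition. The trustpoint name, key pair label, host names, addresses, SCEP URL, and password are constructed placeholders.

```cisco
! Added example. ExampleTP, example-identity-key, the example.com names,
! 192.0.2.10 and the SCEP URL are constructed placeholders.
!
! Key Pair > New window: Name, Size, Usage (general purpose).
! 2048 is the largest size the pane offers; the smaller sizes give
! weaker protection for the private key.
crypto key generate rsa general-keys label example-identity-key modulus 2048
!
crypto ca trustpoint ExampleTP
! Key pair selected for this identity certificate
 keypair example-identity-key
! Certificate Subject DN: CN, OU, O, C, ST and L attributes
 subject-name CN=asa1.example.com,OU=Network Security,O=Example Corp,C=US,ST=California,L=San Jose
! Advanced > Certificate Parameters: FQDN, E-mail, IP Address,
! Include serial number of the device
 fqdn asa1.example.com
 email admin@example.com
 ip-address 192.0.2.10
 serial-number
! Advanced > Enrollment Mode: Request from a CA (SCEP), with the
! default Retry Period (1 minute) and Retry Count (0)
 enrollment url http://ca.example.com/scep
 enrollment retry period 1
 enrollment retry count 0
! Optional revocation password (placeholder value)
 password <revocation-password>
!
! For "Request by manual enrollment", use "enrollment terminal" in place
! of the three enrollment lines above.
!
! SCEP enrollment runs over plain HTTP. Compare the CA certificate
! fingerprint displayed by the authenticate step with one obtained
! out of band before accepting it.
crypto ca authenticate ExampleTP
crypto ca enroll ExampleTP
```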