Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 33 Configuring Certificates
Identity Certificates Authentication
Value (in Certificate Subject DN > Select window)—Enter the value for each of the DN
attributes that you select in the Attribute list. With a value assigned to an attribute, use the
now-active Add button to add the attribute to the Attribute/Value field on the right. To remove
attributes and their values, select the attribute and click the now-active Delete button.
Once you complete Identity Certificate configuration, click Add Certificate in the Add Identity
Certificate pane. Then, be sure to click the Apply button in the Identity Certificates window to save the
new certificate configuration.
Show Identity Certificate Details
The Show Details button displays the Certificate Details dialog box, which shows the following
information about the selected certificate:
General—Displays the values for type, serial number, status, usage, public key type, CRL
distribution point, the times within which the certificate is valid, and associated certificates. This
applies to both available and pending status.
Issued to—Displays the X.500 fields of the subject DN or certificate owner and their values. This
applies only to available status.
Issued by—Displays the X.500 fields of the entity granting the certificate. This applies only to
available status.
Delete an Identity Certificate
The Delete button immediately removes the selected Identity Certificate configuration from the security
appliance. Once you delete a certificate configuration, it cannot be restored; to recreate the deleted
certificate, use the Add button to reenter the certificate configuration information from the beginning.
Note: Once you delete a certificate configuration, it cannot be restored.
Export an Identity Certificate
The Export panel lets you export a certificate configuration with all associated keys and certificates in
PKCS12 format, which must be in base64 format. An entire configuration includes the entire chain (root
CA certificate, identity certificate, key pair) but not enrollment settings (subject name, FQDN and so
on). This feature is commonly used in a failover or load-balancing configuration to replicate certificates
across a group of security appliances; for example, remote access clients calling in to a central
organization that has several units to service the calls. These units must have equivalent certificate
configurations. In this case, an administrator can export a certificate configuration and then import it
across the group of security appliances.
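
A pre-import check for an exported bundle, as an added example that is not part of the Cisco guide: it uses the OpenSSL command line to confirm that a base64 PKCS12 file holds the key pair, the identity certificate and a CA certificate the identity certificate chains to. The CA, host name, passphrase and file names are constructed, and stripping `-----` header lines is an assumption about the export file.

```shell
#!/bin/sh
# Constructed sample data: a throwaway CA, identity certificate and passphrase.
# make_sample DIR PASS writes DIR/full.b64 (key pair + identity + CA) and
# DIR/nochain.b64 (key pair + identity only), both base64-encoded PKCS12.
make_sample() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Root CA" -days 1 &&
      openssl req -newkey rsa:2048 -nodes -keyout id.key -out id.csr \
          -subj "/CN=unit1.example.com" &&
      openssl x509 -req -in id.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -out id.crt -days 1 &&
      openssl pkcs12 -export -inkey id.key -in id.crt -certfile ca.crt \
          -passout "pass:$2" -out full.p12 &&
      openssl pkcs12 -export -inkey id.key -in id.crt \
          -passout "pass:$2" -out nochain.p12 &&
      openssl base64 -in full.p12 -out full.b64 &&
      openssl base64 -in nochain.p12 -out nochain.b64 ) >/dev/null 2>&1
}

# check_bundle FILE PASS returns 0 only if the bundle holds a private key, an
# identity certificate, and a CA certificate the identity certificate chains to.
check_bundle() {
    cb_dir=$(mktemp -d) || return 2
    cb_p12="$cb_dir/bundle.p12"
    cb_rc=0
    # Drop PEM-style header/footer lines if the export has any (assumption).
    grep -v '^-----' "$1" | openssl base64 -d > "$cb_p12" 2>/dev/null || true
    openssl pkcs12 -in "$cb_p12" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' || { echo "missing private key"; cb_rc=1; }
    openssl pkcs12 -in "$cb_p12" -passin "pass:$2" -clcerts -nokeys \
        > "$cb_dir/id.pem" 2>/dev/null || true
    openssl pkcs12 -in "$cb_p12" -passin "pass:$2" -cacerts -nokeys \
        > "$cb_dir/ca.pem" 2>/dev/null || true
    grep -q 'BEGIN CERTIFICATE' "$cb_dir/id.pem" \
        || { echo "missing identity certificate"; cb_rc=1; }
    if grep -q 'BEGIN CERTIFICATE' "$cb_dir/ca.pem"; then
        openssl verify -CAfile "$cb_dir/ca.pem" "$cb_dir/id.pem" >/dev/null 2>&1 \
            || { echo "identity certificate does not chain to the CA"; cb_rc=1; }
    else
        echo "missing CA certificate"; cb_rc=1
    fi
    rm -rf "$cb_dir"   # remove the decoded copy of the bundle
    return "$cb_rc"
}

demo=$(mktemp -d)
make_sample "$demo" 'constructed-pass' &&
    check_bundle "$demo/full.b64" 'constructed-pass' && echo "full bundle OK"
rm -rf "$demo"
```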