Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

33-17

Cisco ASDM User Guide

OL-16647-01

Chapter 33 Configuring Certificates

Identity Certificates Authentication

–

New—Click to add a new key pair, providing a name, modulus size, and usage. When you

generate the key pair, you have the option of sending it to the security appliance or saving it to

a file.

• Certificate Subject DN—Identifies DN attributes for the certificate.

–

Common Name (CN)—Enter the FQDN or IP address of the security appliance.

–

Organization (O)—Provide the name of the company.

–

Country (C)—Enter the two-letter code for the country.

• Optional Parameters—Lets you add additional attributes for the signing request.

–

Additional DN Attributes—These include Department (OU), State (ST), Location (L), and

E-mail Address (EA).

–

FQDN (SubjectAlt Name)—Use this certificate extension field to enter additional fully

qualified domain name information if the CA requires it.

• Generate Request—Click to generate the certificate signing request, which you can then Send to

Entrust, or Save to File, and send later.

Modes

The following table shows the modes in which this feature is available:

Installing Identity Certificates

The Install button on the Identity Certificates window is inactivated unless there is a pending

enrollment. Whenever the security appliance receives a Certificate Signing Request (CSR), the Identity

Certificates window displays the pending ID certificate. When you highlight the pending Identity

Certificate, the Install button activates.

When you transmit the pending file to a CA, the CA enrolls it and returns a certificate to the security

appliance. Once you have the certificate, click the Install button and highlight the appropriate Identity

and CA certificates to complete the operation.

The following steps illustrate adding and installing a pending Identity Certificate:

To Add the Identity Certificate:

Step 1 In the Identity Certificates panel, click the Add button.

Step 2 In the Add Identity Certificate panel, select Add a new identity certificate.

Step 3 Optionally, change the key pair or create a new key pair. A key pair is required.

Step 4 Enter the Certificate Subject DN: information and click the Select... button.

Step 5 In the Certificate Subject DN panel, be sure to specify all of the subject DN attributes required by the

CA involved. See Certificate Subject DN Attributes. Then click OK to close the Certificate Subject DN

panel.

Step 6 In the Add Identity Certificate panel, click the Advanced... button.

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

• • • • •

previous next