Cisco Systems VPN 3000 Switch User Manual


 
14 Administration
VPN 3000 Concentrator Series User Guide
MD5 Thumbprint
A 128-bit MD5 hash of the complete certificate contents, shown as a 16-byte string. This value is unique
for every certificate, and it positively identifies the certificate. If you question a certificate's authenticity,
you can check this value with the issuer.
SHA1 Thumbprint
A 160-bit SHA-1 hash of the complete certificate contents, shown as a 20-byte string. This value is
unique for every certificate, and it positively identifies the certificate. If you question a certificate's
authenticity, you can check this value with the issuer.
Validity
The time period during which this certificate is valid.
Format is MM/DD/YYYY at HH:MM:SS AM/PM to MM/DD/YYYY at HH:MM:SS AM/PM. Time
uses 12-hour AM/PM notation, and is local system time.
The Manager checks the validity against the VPN Concentrator system clock, and it flags expired
certificates.
Subject Alternative Name (Fully Qualified Domain Name)
The fully qualified domain name for this VPN Concentrator that identifies it in this PKI. The alternative
name is an optional additional data field in the certificate, and it provides interoperability with many
Cisco IOS and PIX systems in LAN-to-LAN connections.
CRL Distribution Point
The distribution point for CRLs (Certificate Revocation Lists) from this CA. If this information is
included in the certificate in the proper format, and you enable CRL checking, you do not have to provide
it on the Administration | Certificate Management | Certificates | CRL screen.
Back
To return to the Administration | Certificate Management | Certificates screen, click Back.
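The thumbprint and Validity checks described in the fields above can be reproduced off-box. The following is an added example, not code from the Cisco guide. It assumes the thumbprints are computed over the DER encoding of the certificate, as is conventional, and the sample certificate bytes and validity string are constructed placeholders.

```python
import base64, hashlib, hmac, re
from datetime import datetime

VALIDITY_FMT = "%m/%d/%Y at %I:%M:%S %p"  # layout given under "Validity"

# Constructed placeholder bytes, NOT a real certificate: the hash input is
# simply the complete encoded certificate, so any byte string shows the mechanics.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_VALIDITY = "05/14/2002 at 09:30:00 AM to 05/14/2004 at 09:30:00 AM"  # constructed

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and decode the base64 body to the raw encoding."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    return base64.b64decode(body, validate=True)

def thumbprints(der: bytes) -> dict:
    """MD5 (16 bytes) and SHA-1 (20 bytes) over the complete certificate."""
    return {"md5": hashlib.md5(der).digest(), "sha1": hashlib.sha1(der).digest()}

def matches(der: bytes, issuer_value: str, algo: str) -> bool:
    """Compare against a value obtained from the issuer out of band.
    Accepts 'AA:BB:..', 'aa bb ..' or 'aabb..'; malformed or truncated
    values fail instead of matching on a prefix."""
    try:
        expected = bytes.fromhex(re.sub(r"[:\s-]", "", issuer_value))
    except ValueError:
        return False
    return hmac.compare_digest(thumbprints(der)[algo], expected)

def validity_status(field: str, now: datetime) -> str:
    """Classify 'now' (local system time, as on the screen) against the field."""
    start, end = (datetime.strptime(p.strip(), VALIDITY_FMT)
                  for p in field.split(" to "))
    if now < start:
        return "not yet valid"
    return "expired" if now > end else "valid"

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    for name, digest in thumbprints(der).items():
        print(name, digest.hex(":").upper())
    print(validity_status(SAMPLE_VALIDITY, datetime.now()))
```

MD5 collisions are practical to construct, so when checking a value with the issuer, prefer the SHA-1 thumbprint over the MD5 one.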
Administration | Certificate Management | Certificates | CRL
This screen lets you enable Certificate Revocation List (CRL) checking for CA certificates installed in
the VPN Concentrator.
A certificate is normally expected to be valid for its entire validity period. However, if a certificate
becomes invalid due to a name change, change of association between the subject and the CA, security
compromise, etc., the CA revokes the certificate. Under X.509, CAs revoke certificates by periodically
issuing a signed Certificate Revocation List (CRL), where each revoked certificate is identified by its