CHAPTER
35-1
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
35
Configuring Digital Certificates
This chapter describes how to configure digital certificates and includes the following sections:
• Information About Digital Certificates, page 35-1
• Licensing Requirements for Digital Certificates, page 35-8
• Configuring CA Certificate Authentication, page 35-9
• Configuring Identity Certificates Authentication, page 35-14
• Configuring Code Signer Certificates, page 35-20
• Authenticating Using the Local CA, page 35-22
• Managing the User Database, page 35-25
• Managing User Certificates, page 35-28
• Monitoring CRLs, page 35-28
• Feature History for Certificate Management, page 35-29
Information About Digital Certificates
Digital certificates provide digital identification for authentication. A digital certificate includes
information that identifies a device or user, such as the name, serial number, company, department, or IP
address. CAs are trusted authorities that “sign” certificates to verify their authenticity, thereby
guaranteeing the identity of the device or user. CAs issue digital certificates in the context of a PKI,
which uses public-key or private-key encryption to ensure security.
For authentication using digital certificates, at least one identity certificate and its issuing CA certificate
must exist on an adaptive security appliance. This configuration allows multiple identities, roots, and
certificate hierarchies. Descriptions of several different types of available digital certificates follow:
• A CA certificate is used to sign other certificates. It is self-signed and called a root certificate. A
certificate that is issued by another CA certificate is called a subordinate certificate. For more
information, see the “Configuring CA Certificate Authentication” section on page 35-9.
• CAs also issue identity certificates, which are certificates for specific systems or hosts. For more
information, see the “Configuring Identity Certificates Authentication” section on page 35-14.
• Code-signer certificates are special certificates that are used to create digital signatures to sign code,
with the signed code itself revealing the certificate origin. For more information, see the
“Configuring Code Signer Certificates” section on page 35-20.
To Next Page
Loading...
Need help?
General
