35-9
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 35 Configuring Digital Certificates
Configuring CA Certificate Authentication
Configuring CA Certificate Authentication
The CA Certificates pane displays the available certificates, identified by the issued to and issued by CA
server, the date that the certificate expires, the associated trustpoints, and the certificate usage or
purpose. In the CA Certificates pane, you can perform the following tasks:
• Authenticate self-signed or subordinate CA certificates.
• Install CA certificates on the adaptive security appliance.
• Create a new certificate configuration.
• Edit an existing certificate configuration.
• Obtain a CA certificate manually and import it.
• Have the adaptive security appliance use SCEP to contact the CA, and then automatically obtain and
install the certificate.
• Display details and issuer information for a selected certificate.
• Access the CRL for an existing CA certificate.
• Remove the configuration of an existing CA certificate.
• Save the new or modified CA certificate configuration.
• Discard any changes and return the certificate configuration to the original settings.
This section includes the following topics:
• Adding or Installing a CA Certificate, page 35-9
• Editing or Removing a CA Certificate Configuration, page 35-10
• Showing CA Certificate Details, page 35-11
• Requesting a CRL, page 35-11
• Configuring CRL Retrieval Policy, page 35-11
• Configuring CRL Retrieval Methods, page 35-12
• Configuring OCSP Rules, page 35-13
• Configuring Advanced CRL and OCSP Settings, page 35-13
Adding or Installing a CA Certificate
You can add a new certificate configuration from an existing file, by manually pasting a certificate in
PEM format, or by automatic enrollment using SCEP. SCEP is a secure messaging protocol that requires
minimal user intervention and lets you enroll and install certificates using only the VPN Concentrator
Manager.
To add or install a CA certificate, perform the following steps:
Step 1 In the main ASDM application window, choose Configuration > Remote Access VPN > Certificate
Management > CA Certificates.
Step 2 Click Add.
The Install Certificate dialog box appears. The selected trustpoint name appears in read-only format.
Step 3 To add a certificate configuration from an existing file, click the Install from a file radio button (this is
the default setting).
To Next Page
Loading...
Need help?
General
