Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 35 Configuring Digital Certificates
Configuring Identity Certificates Authentication
Step 13 Click OK when you are done to close the Key Pair Details dialog box.
Step 14 Choose a certificate subject DN to form the DN in the identity certificate, and then click Select to display
the Certificate Subject DN dialog box.
Step 15 Choose one or more DN attributes that you want to add from the drop-down list, enter a value, and then
click Add. Available X.500 attributes for the Certificate Subject DN are the following:
• Common Name (CN)
• Department (OU)
• Company Name (O)
• Country (C)
• State/Province (ST)
• Location (L)
• E-mail Address (EA)
Step 16 Click OK when you are done to close the Certificate Subject DN dialog box.
Step 17 To create self-signed certificates, check the Generate self-signed certificate check box.
Step 18 To have the identity certificate act as the local CA, check the Act as local certificate authority and
issue dynamic certificates to TLS proxy check box.
Step 19 To establish additional identity certificate settings, click Advanced.
The Advanced Options dialog box appears, with the following three tabs: Certificate Parameters,
Enrollment Mode, and SCEP Challenge Password.
Note Enrollment mode settings and the SCEP challenge password are not available for self-signed
certificates.
Step 20 Click the Certificate Parameters tab, and then enter the following information:
• The FQDN, an unambiguous domain name, to indicate the position of the node in the DNS tree
hierarchy.
• The e-mail address associated with the identity certificate.
• The adaptive security appliance IP address on the network in four-part, dotted-decimal notation.
• To add the adaptive security appliance serial number to the certificate parameters, check the Include
serial number of the device check box.
Step 21 Click the Enrollment Mode tab, and then enter the following information:
• Choose the enrollment method by clicking the Request by manual enrollment radio button or the
Request from a CA radio button.
• The enrollment URL of the certificate to be automatically installed through SCEP.
• The maximum number of minutes allowed to retry installing an identity certificate. The default is
one minute.
• The maximum number of retries allowed for installing an identity certificate. The default is zero,
which indicates an unlimited number of retries within the retry period.
Step 22 Click the SCEP Challenge Password tab, and then enter the following information:
• The SCEP password
• The SCEP password confirmation
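
The settings chosen in Steps 14 through 22 map onto a trustpoint in the ASA CLI, which is useful when reviewing the running configuration after the ASDM change. The following is an added example, not taken from the original guide; the trustpoint name, key pair name, subject values, addresses, URL, and challenge string are placeholder assumptions.

```cisco
! Added example. All names and values below are placeholders.
! Assumes the key pair "ID-KEYPAIR" was already created in the earlier steps.
crypto ca trustpoint ID-TRUSTPOINT
 ! Key pair selected before Step 13
 keypair ID-KEYPAIR
 ! Steps 14-16: certificate subject DN built from X.500 attributes
 subject-name CN=asa1.example.com,OU=Network Security,O=Example Corp,C=US,ST=California,L=San Jose
 ! Step 20: Certificate Parameters tab
 fqdn asa1.example.com
 email asa-admin@example.com
 ip-address 192.0.2.10
 serial-number
 ! Step 21: Enrollment Mode tab, "Request from a CA" (SCEP)
 enrollment url http://ca.example.com/certsrv/mscep/mscep.dll
 ! Retry period in minutes (default 1)
 enrollment retry period 1
 ! Retry count (default 0 = unlimited retries within the retry period)
 enrollment retry count 0
 ! Step 22: SCEP challenge password
 password PLACEHOLDER-CHALLENGE
!
! Alternatives to "enrollment url" inside the trustpoint:
!   enrollment terminal   (Step 21, "Request by manual enrollment")
!   enrollment self       (Step 17, self-signed; enrollment mode and the
!                          SCEP challenge password do not apply)
!   proxy-ldc-issuer      (Step 18, local CA issuing dynamic certificates
!                          to TLS proxy)
!
! Obtain the CA certificate, then request the identity certificate
crypto ca authenticate ID-TRUSTPOINT
crypto ca enroll ID-TRUSTPOINT
!
! Verify what was installed
show crypto ca certificates ID-TRUSTPOINT
```

After enrollment, compare the subject, FQDN, and serial number shown by `show crypto ca certificates` against the values entered, and confirm the CA certificate fingerprint out of band when running `crypto ca authenticate`.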