35-17
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 35 Configuring Digital Certificates
Configuring Identity Certificates Authentication
Step 23 Click OK when you are done to close the Advanced Options dialog box.
Step 24 Click Add Certificate in the Add Identity Certificate dialog box.
The new identity certificate appears in the Identity Certificates list.
Step 25 Click Apply to save the new identity certificate configuration.
Showing Identity Certificate Details
To show detailed information about the selected identity certificate, click Show Details to display the
Certificate Details dialog box, which includes the following three display-only tabs:
• The General tab displays the values for type, serial number, status, usage, public key type, CRL
distribution point, the times within which the certificate is valid, and associated trustpoints. The
values apply to both available and pending status.
• The Issued to tab displays the X.500 fields of the subject DN or certificate owner and their values.
The values apply only to available status.
• The Issued by tab displays the X.500 fields of the entity granting the certificate. The values apply
only to available status.
Deleting an Identity Certificate
To remove an identity certificate configuration, select it, and then click Delete.
Note After you delete a certificate configuration, it cannot be restored. To recreate the deleted
certificate, click Add to reenter all of the certificate configuration information.
Exporting an Identity Certificate
You can export a certificate configuration with all associated keys and certificates in PKCS12 format,
which is the public key cryptography standard, and can be base64 encoded or in hexadecimal format. A
complete configuration includes the entire chain (root CA certificate, identity certificate, key pair) but
not enrollment settings (subject name, FQDN and so on). This feature is commonly used in a failover or
load-balancing configuration to replicate certificates across a group of adaptive security appliances; for
example, remote access clients calling in to a central organization that has several units to service the
calls. These units must have equivalent certificate configurations. In this case, an administrator can
export a certificate configuration and then import it across the group of adaptive security appliances.
To export an identity certificate, perform the following steps:
Step 1 Click Export to display the Export Certificate dialog box.
Step 2 Enter the name of the PKCS12 format file to use in exporting the certificate configuration. Alternatively,
click Browse to display the Export ID Certificate File dialog box to find the file to which you want to
export the certificate configuration.
Step 3 Choose the certificate format by clicking the PKCS12 Format radio button or the PEM Format radio
button.
To Next Page
Loading...
Need help?
General
