Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring Digital Certificates
Exporting a Trustpoint Configuration
To export a trustpoint configuration, enter the following command:
Examples
The following example exports PKCS12 data for the trustpoint Main with the passphrase Wh0zits:
hostname (config)# crypto ca export Main pkcs12 Wh0zits
Exported pkcs12 follows:
[ PKCS12 data omitted ]
---End - This line not part of the pkcs12---
Step 8
Command: ldap-defaults server
Example:
hostname (config-ca-crl)# ldap-defaults ldap1
Purpose: Identifies the LDAP server to the ASA if LDAP is specified as the retrieval protocol. You can specify the server by DNS hostname or by IP address. You can also provide a port number if the server listens for LDAP queries on a port other than the default of 389.
Note: If you use a hostname instead of an IP address to specify the LDAP server, make sure that you have configured the ASA to use DNS.

Step 9
Command: ldap-dn admin-DN password
Example:
hostname (config-ca-crl)# ldap-dn cn=admin,ou=devtest,o=engineering c00lRunZ
Purpose: Allows CRL retrieval if the LDAP server requires credentials.

Step 10
Command: crypto ca crl request trustpoint
Example:
hostname (config-ca-crl)# crypto ca crl request Main
Purpose: Retrieves the current CRL from the CA represented by the specified trustpoint and tests the CRL configuration for the current trustpoint.

Step 11
Command: write memory
Example:
hostname (config)# write memory
Purpose: Saves the running configuration.

Command: crypto ca export trustpoint
Example:
hostname(config)# crypto ca export Main
Purpose: Exports a trustpoint configuration with all associated keys and certificates in PKCS12 format. The ASA displays the PKCS12 data in the terminal. You can copy the data. The trustpoint data is password protected; however, if you save the trustpoint data in a file, make sure that the file is in a secure location.
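
The ldap-dn command in Step 9 and the crypto ca export example both take a secret as a command-line argument, and the export prints the PKCS12 data to the terminal, so a captured session log contains all three. The following is an added example, not part of the Cisco guide: a Python filter that redacts them from a saved transcript before it is archived. The function name, the mask string and the sample session are constructed for illustration; the two marker lines are taken from the example output on this page.

```python
import re

# Both commands shown on this page take a secret as their final argument.
# The last whitespace-separated token is treated as the secret, so a DN
# written with spaces after its commas is still handled.
PATTERNS = [
    ("pkcs12-passphrase",
     re.compile(r"^(?P<head>(?:.*#)?\s*crypto ca export \S+ pkcs12)\s+(?P<secret>\S+)\s*$")),
    ("ldap-bind-password",
     re.compile(r"^(?P<head>(?:.*#)?\s*ldap-dn\s.*\S)\s+(?P<secret>\S+)\s*$")),
]
# Marker lines as they appear in the example output on this page.
BLOB_START = "Exported pkcs12 follows:"
BLOB_END = "---End - This line not part of the pkcs12---"
MASK = "<redacted>"  # assumed placeholder text


def redact_transcript(text):
    """Return (clean_text, findings); findings are (line_no, kind) tuples."""
    out, findings, in_blob = [], [], False
    for line_no, line in enumerate(text.splitlines(), 1):
        if in_blob:
            # Drop the exported key material, keep the closing marker.
            if line.strip() == BLOB_END:
                in_blob = False
                out.append(line)
            continue
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                findings.append((line_no, kind))
                line = f"{match.group('head')} {MASK}"
                break
        out.append(line)
        if line.strip() == BLOB_START:
            in_blob = True
            findings.append((line_no, "pkcs12-blob"))
            out.append(MASK)
    return "\n".join(out), findings


# Constructed sample session, modelled on the examples on this page.
SAMPLE = """\
hostname(config-ca-crl)# ldap-dn cn=admin, ou=devtest, o=engineering c00lRunZ
hostname(config)# crypto ca export Main pkcs12 Wh0zits
Exported pkcs12 follows:
AAAAconstructedplaceholderAAAA
---End - This line not part of the pkcs12---
hostname(config)# write memory
"""
```

Call redact_transcript(SAMPLE) to get the cleaned text together with the line numbers and kinds of what was removed. An export block with no closing marker is redacted to the end of the input.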