1-30
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Configuring the CRL Lifetime
To configure the CRL lifetime, perform the following commands:
Configuring the Server Keysize
To configure the server keysize, perform the following commands:
Command Purpose
Step 1
crypto ca server
Example:
hostname (config)# crypto ca server
Enters local ca server configuration mode. Allows
you to configure and manage a local CA.
Step 2
lifetime crl time
Example:
hostname (config-ca-server)# lifetime crl 10
Sets the length of time that you want the CRL to
remain valid.
The local CA updates and reissues the CRL each time
that a user certificate is revoked or unrevoked, but if
no revocation changes occur, the CRL is reissued
automatically once each CRL lifetime. If you do not
specify a CRL lifetime, the default time period is six
hours.
Step 3
crypto ca server crl issue
Example:
hostname(config)# crypto ca server crl issue
A new CRL has been issued.
Forces the issuance of a CRL at any time, which
immediately updates and regenerates a current CRL
to overwrite the existing CRL.
Note Do not use this command unless the CRL file
has been removed in error or has been
corrupted and must be regenerated.
Command Purpose
Step 1
crypto ca server
Example:
hostname (config)# crypto ca server
Enters local ca server configuration mode. Allows
you to configure and manage a local CA.
Step 2
keysize server
Example:
hostname (config-ca-server)# keysize server 2048
Specifies the size of the public and private keys
generated at user-certificate enrollment. The keypair
size options are 512, 768, 1024, 2048 bits, and the
default value is 1024 bits.
Note After you have enabled the local CA, you
cannot change the local CA keysize, because
all issued certificates would be invalidated.
To change the local CA keysize, you must
delete the current local CA and reconfigure a
new one.
To Next Page
Loading...
Need help?
General
