1-21
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
Step 7
hostname(config)# crypto ca enroll trustpoint
Example:
hostname(config)# crypto ca enroll remote-ent
%
% Start certificate enrollment ...
% The subject name in the certificate will be:
% cn=enterpriseA
% The fully-qualified domain name in the certificate will
@ be: ciscoasa
% Include the device serial number in the subject name?
[yes/no]: no
Display Certificate Request to terminal? [yes/no]: yes
Starts the enrollment process with the CA.
Where trustpoint is the same as the value you
entered for trustpoint_name in Step 2.
When the trustpoint is configured for manual
enrollment (enroll terminal command), the
ASA writes a base-64-encoded PKCS10
certification request to the console and then
displays the CLI prompt. Copy the text from the
prompt.
Submit the certificate request to the CA, for
example, by pasting the text displayed at the
prompt into the certificate signing request
enrollment page on the CA website.
When the CA returns the signed identity
certificate, proceed to Step 8 in this procedure.
Step 8
hostname(config)# crypto ca import trustpoint certificate
Example:
hostname(config)# crypto ca import remote-ent certificate
Imports the signed certificate received from the
CA in response to a manual enrollment request.
Where trustpoint specifies the trustpoint you
created in Step 2.
The ASA prompts you to paste the base-64
formatted signed certificate onto the terminal.
Step 9
hostname(config)# crypto ca authenticate trustpoint
Example:
hostname(config)# crypto ca authenticate remote-ent
Authenticates the third-party identity certificate
received from the CA. The identity certificate is
associated with a trustpoint created for the
remote enterprise.
The ASA prompts you to paste the base-64
formatted identity certificate from the CA onto
the terminal.
Command Purpose
Step 1
hostname(config)# tls-proxy proxy_name
Example:
hostname(config)# tls-proxy local_to_remote-ent
Creates the TLS proxy for the outbound
connections.
Step 2
hostname(config-tlsp)# client trust-point
proxy_trustpoint
Example:
hostname(config-tlsp)# client trust-point local-ent
For outbound connections, specifies the trustpoint
and associated certificate that the adaptive security
appliance uses in the TLS handshake when the
adaptive security appliance assumes the role of the
TLS client. The certificate must be owned by the
adaptive security appliance (identity certificate).
Where proxy_trustpoint specifies the trustpoint
defined by the crypto ca trustpoint command in
Step 2 in “” section on page 1-12.
Command Purpose
To Next Page
Loading...
Need help?
General
