Cisco ASA Series

2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Step 6
Command: enrollment retry period
Example:
hostname/contexta(config-ca-trustpoint)# enrollment retry period 5
Purpose: (Optional) Specifies a retry period in minutes, and applies only to SCEP enrollment.

Step 7
Command: enrollment retry count
Example:
hostname/contexta(config-ca-trustpoint)# enrollment retry count 2
Purpose: (Optional) Specifies a maximum number of permitted retries, and applies only to SCEP enrollment.

Step 8
Command: fqdn fqdn
Example:
hostname/contexta(config-ca-trustpoint)# fqdn example.com
Purpose: During enrollment, asks the CA to include the specified fully qualified domain name in the Subject Alternative Name extension of the certificate.

Step 9
Command: ip-address ip-address
Example:
hostname/contexta(config-ca-trustpoint)# ip-address 10.10.100.1
Purpose: During enrollment, asks the CA to include the IP address of the ASA in the certificate.

Step 10
Command: keypair name
Example:
hostname/contexta(config-ca-trustpoint)# keypair exchange
Purpose: Specifies the key pair whose public key is to be certified.

Step 11
Command: match certificate map-name override ocsp
Example:
hostname/contexta(config-ca-trustpoint)# match certificate examplemap override ocsp
Purpose: Configures OCSP URL overrides and trustpoints to use for validating OCSP responder certificates.

Step 12
Command: ocsp disable-nonce
Example:
hostname/contexta(config-ca-trustpoint)# ocsp disable-nonce
Purpose: Disables the nonce extension on an OCSP request. The nonce extension cryptographically binds requests with responses to avoid replay attacks.

Step 13
Command: ocsp url
Example:
hostname/contexta(config-ca-trustpoint)# ocsp url
Purpose: Configures an OCSP server for the ASA to use to check all certificates associated with a trustpoint rather than the server specified in the AIA extension of the client certificate.

Step 14
Command: password string
Example:
hostname/contexta(config-ca-trustpoint)# password mypassword
Purpose: Specifies a challenge phrase that is registered with the CA during enrollment. The CA usually uses this phrase to authenticate a subsequent revocation request.
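The OCSP settings in Steps 11 to 13 change how revocation is checked, so they are worth auditing in a saved configuration. The following Python script is an added example, not part of the Cisco guide: it assumes trustpoint blocks in the running-config begin with `crypto ca trustpoint <name>`, and the sample configuration, the OCSP URL in it, and the finding codes are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not from the guide).
SAMPLE_CONFIG = """\
crypto ca trustpoint vpn-ca
 enrollment retry period 5
 enrollment retry count 2
 fqdn example.com
 keypair exchange
 ocsp disable-nonce
 ocsp url http://ocsp.example.com
crypto ca trustpoint mgmt-ca
 fqdn example.com
 ip-address 10.10.100.1
 match certificate examplemap override ocsp
interface GigabitEthernet0/0
 nameif outside
"""


def parse_trustpoints(config):
    """Map each trustpoint name to its list of sub-command lines."""
    trustpoints, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"crypto ca trustpoint (\S+)\s*$", raw)
        if header:
            current = trustpoints.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return trustpoints


def audit_trustpoint(lines):
    """Return finding codes (hypothetical names) for the Step 11-13 settings."""
    findings = []
    if "ocsp disable-nonce" in lines:  # exact match skips "no ocsp disable-nonce"
        findings.append("nonce-disabled")  # responses not bound to requests
    if any(l.startswith("ocsp url") for l in lines):
        findings.append("ocsp-url-override")  # AIA responder is bypassed
    if any(re.match(r"match certificate \S+ override ocsp", l) for l in lines):
        findings.append("ocsp-map-override")  # per-map responder override
    if "nonce-disabled" in findings and len(findings) > 1:
        findings.append("override-without-nonce")  # review this combination
    return findings


def audit_config(config):
    """Audit every trustpoint found in the configuration text."""
    return {n: audit_trustpoint(l) for n, l in parse_trustpoints(config).items()}
```

Calling `audit_config()` on the text of a saved configuration returns one list of finding codes per trustpoint; an empty list means none of the three OCSP settings is present.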
