1-14
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
policy cdp
Example:
hostname (config-ca-crl)# policy cdp
Configures retrieval policy. CRLs are retrieved only
from the CRL distribution points specified in
authenticated certificates.
Note SCEP retrieval is not supported by
distribution points specified in certificates.
To continue, go to Step 5.
policy static
Example:
hostname (config-ca-crl)# policy static
Configures retrieval policy. CRLs are retrieved only
from URLs that you configure.
To continue, go to Step 4.
policy both
Example:
hostname (config-ca-crl)# policy both
Configures retrieval policy. CRLs are retrieved from
CRL distribution points specified in authenticated
certificates and from URLs that you configure.
To continue, go to Step 4.
Step 4
url n url
Example:
hostname (config-ca-crl)# url 2
http://www.example.com
If you used the keywords static or both when you
configured the CRL policy, you must configure
URLs for CRL retrieval. You can enter up to five
URLs, ranked 1 through 5. The n is the rank assigned
to the URL. To remove a URL, use the no url n
command.
Step 5
protocol http | ldap | scep
Example:
hostname (config-ca-crl)# protocol http
Configures the retrieval method. Specifies HTTP,
LDAP, or SCEP as the CRL retrieval method.
Step 6
cache-time refresh-time
Example:
hostname (config-ca-crl)# cache-time 420
Configures how long the ASA caches CRLs for the
current trustpoint. refresh-time is the number of
minutes that the ASA waits before considering a
CRL stale.
Step 7
Do one of the following:
enforcenextupdate
Example:
hostname (config-ca-crl)# enforcenextupdate
Requires the NextUpdate field in CRLs. This is the
default setting.
no enforcenextupdate
Example:
hostname (config-ca-crl)# no enforcenextupdate
Allows the NextUpdate field to be absent in CRLs.
Command Purpose
To Next Page
Loading...
Need help?
General
