1-27
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Configuring Local CA Certificate Characteristics
You can configure the following characteristics of local CA certificates:
• The name of the certificate issuer as it appears on all user certificates.
• The lifetime of the local CA certificates (server and user) and the CRL.
• The length of the public and private keypairs associated with local CA and user certificates.
This section includes the following topics:
• Configuring the Issuer Name, page 1-28
• Configuring the CA Certificate Lifetime, page 1-28
• Configuring the User Certificate Lifetime, page 1-29
• Configuring the CRL Lifetime, page 1-30
• Configuring the Server Keysize, page 1-30
• Setting Up External Local CA File Storage, page 1-31
• Downloading CRLs, page 1-33
• Storing CRLs, page 1-34
• Setting Up Enrollment Parameters, page 1-35
• Adding and Enrolling Users, page 1-36
• Renewing Users, page 1-38
• Restoring Users, page 1-39
• Removing Users, page 1-39
• Revoking Certificates, page 1-40
• Maintaining the Local CA Certificate Database, page 1-40
• Rolling Over Local CA Certificates, page 1-40
• Archiving the Local CA Server Certificate and Keypair, page 1-41
no crypto ca server
Example:
hostname (config)# no crypto ca server
Removes an existing local CA server (either enabled or
disabled).
Note Deleting the local CA server removes the
configuration from the ASA. After the configuration
has been deleted, it is unrecoverable.
Make sure that you also delete the associated local CA server
database and configuration files (that is, all files with the
wildcard name, LOCAL-CA-SERVER.*).
clear configure crypto ca server
Example:
hostname (config)# clear config crypto ca server
Command Purpose
To Next Page
Loading...
Need help?
General
