Creating an Internal CA – Cisco ASA 5505 User Manual


49-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 49 Configuring the TLS Proxy for Encrypted Voice Inspection

Configuring the TLS Proxy for Encrypted Voice Inspection

Command / Purpose

Step 5

Command:
hostname(config-ca-trustpoint)# subject-name X.500_name

Example:
hostname(config-ca-trustpoint)# subject-name cn=EJW-SV-1-Proxy

Purpose:
Includes the indicated subject DN in the certificate during enrollment.

Cisco IP Phones require certain fields of the X.509v3 certificate to be present in order to validate the certificate by consulting the CTL file. Consequently, the subject-name entry must be configured for a proxy certificate trustpoint. The subject name must be composed of the ordered concatenation of the CN, OU and O fields. The CN field is mandatory; the others are optional.

Note: Each of the concatenated fields (when present) is separated by a semicolon, yielding one of the following forms:

CN=xxx;OU=yyy;O=zzz
CN=xxx;OU=yyy
CN=xxx;O=zzz
CN=xxx

Step 6

Command:
hostname(config-ca-trustpoint)# keypair keyname

Example:
hostname(config-ca-trustpoint)# keypair ccm_proxy_key

Purpose:
Specifies the key pair whose public key is to be certified.

Step 7

Command:
hostname(config-ca-trustpoint)# exit

Purpose:
Exits from the CA trustpoint configuration mode.

Step 8

Command:
hostname(config)# crypto ca enroll trustpoint

Example:
hostname(config)# crypto ca enroll ccm_proxy

Purpose:
Starts the enrollment process with the CA and specifies the name of the trustpoint to enroll with.

What to Do Next

Once you have created the trustpoints and generated the certificates, create the internal CA to sign the LDC for Cisco IP Phones. See Creating an Internal CA, page 49-10.

Creating an Internal CA

Create an internal local CA to sign the LDC for Cisco IP Phones.

This local CA is created as a regular self-signed trustpoint with proxy-ldc-issuer enabled. You can use the embedded local CA LOCAL-CA-SERVER on the ASA to issue the LDC.

Command / Purpose

Step 1

Command:
hostname(config)# crypto ca trustpoint trustpoint_name

Example:
hostname(config)# ! for the internal local LDC issuer
hostname(config)# crypto ca trustpoint ldc_server

Purpose:
Enters the trustpoint configuration mode for the specified trustpoint so that you can create the trustpoint for the LDC issuer.

Step 2

Command:
hostname(config-ca-trustpoint)# enrollment self

Purpose:
Generates a self-signed certificate.
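The subject-name rule in Step 5 above (ordered CN, OU, O; semicolon separators; CN mandatory) is easy to get wrong when a DN is copied from OpenSSL or LDAP tooling, which uses commas, and a phone that cannot match the certificate against its CTL file will simply refuse the TLS proxy. The following Python validator is an added example, not code from the Cisco guide or the ASA: it checks a candidate subject-name string against the four forms listed in the note before it is typed into the trustpoint. The function names (parse_subject_name, canonical_subject_name, is_valid_subject_name) and the comma-separated-DN check are this example's own assumptions; the guide only states the semicolon forms.

```python
"""Validate an ASA proxy-certificate subject-name against the Step 5 rule.

Added example (not from the Cisco guide). Encodes the note's forms:
    CN=xxx;OU=yyy;O=zzz   CN=xxx;OU=yyy   CN=xxx;O=zzz   CN=xxx
CN is mandatory, OU and O are optional, order is fixed, separator is ';'.
"""
import re

# Fixed order required by the guide; attribute names compared case-insensitively,
# since the guide's own example uses lowercase "cn=".
ALLOWED_ORDER = ("CN", "OU", "O")

# A comma followed by another CN/OU/O RDN is almost certainly a DN pasted in
# OpenSSL/LDAP syntax; the ASA would treat everything after the first '=' as
# the CN value. (Assumed check, not stated in the guide.)
_COMMA_DN = re.compile(r",\s*(cn|ou|o)\s*=", re.IGNORECASE)


class SubjectNameError(ValueError):
    """Raised when the subject-name does not match one of the allowed forms."""


def parse_subject_name(subject: str) -> dict:
    """Return {attr: value} for the CN/OU/O fields, or raise SubjectNameError."""
    if not subject or not subject.strip():
        raise SubjectNameError("subject-name is empty")

    result = {}
    last_index = -1
    for part in subject.split(";"):
        part = part.strip()
        if _COMMA_DN.search(part):
            raise SubjectNameError(
                "RDNs must be separated by ';' on the ASA, not ','")
        if "=" not in part:
            raise SubjectNameError(f"malformed RDN {part!r}")
        attr, _, value = part.partition("=")
        attr = attr.strip().upper()
        value = value.strip()
        if attr not in ALLOWED_ORDER:
            raise SubjectNameError(
                f"attribute {attr} not allowed; only CN, OU and O may appear")
        if not value:
            raise SubjectNameError(f"empty value for {attr}")
        if attr in result:
            raise SubjectNameError(f"duplicate {attr} field")
        index = ALLOWED_ORDER.index(attr)
        if index <= last_index:
            raise SubjectNameError("fields must appear in the order CN, OU, O")
        last_index = index
        result[attr] = value

    if "CN" not in result:
        raise SubjectNameError("CN is mandatory")
    return result


def canonical_subject_name(subject: str) -> str:
    """Normalize a valid subject-name to upper-case attributes, no stray spaces."""
    parsed = parse_subject_name(subject)
    return ";".join(f"{a}={parsed[a]}" for a in ALLOWED_ORDER if a in parsed)


def is_valid_subject_name(subject: str) -> bool:
    """True if the string matches one of the four allowed forms."""
    try:
        parse_subject_name(subject)
    except SubjectNameError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: the guide's own example plus common mistakes.
    for candidate in ("cn=EJW-SV-1-Proxy", "CN=x;OU=y;O=z",
                      "OU=y;CN=x", "CN=x,OU=y", "OU=y"):
        try:
            print(f"{candidate!r:28} -> {canonical_subject_name(candidate)}")
        except SubjectNameError as exc:
            print(f"{candidate!r:28} -> rejected: {exc}")
```

Run it before committing the trustpoint: a rejected string means the phone will not find the CN/OU/O layout it expects when it checks the certificate against the CTL file, so fix the string rather than the phone configuration.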
