Creating a ctl provider instance – Cisco ASA 5505 User Manual


49-11

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 49 Configuring the TLS Proxy for Encrypted Voice Inspection


What to Do Next

Once you have created the internal CA, create the CTL provider instance. See Creating a CTL Provider Instance, page 49-11.

Creating a CTL Provider Instance

Create a CTL Provider instance in preparation for a connection from the CTL Client.

By default the CTL Provider listens on TCP port 2444, which is the default CTL port on the Cisco UCM. Use the service port command to change the port number if the Cisco UCM cluster uses a different port.

Command / Purpose

Step 3

Command: hostname(config-ca-trustpoint)# proxy-ldc-issuer

Purpose: Issues TLS proxy local dynamic certificates. The proxy-ldc-issuer command grants a crypto trustpoint the role of local CA to issue the LDC and is entered from crypto ca trustpoint configuration mode. It defines the local CA role for the trustpoint to issue dynamic certificates for the TLS proxy. This command can only be configured under a trustpoint with "enrollment self."

Step 4

Command: hostname(config-ca-trustpoint)# fqdn fqdn

Example: hostname(config-ca-trustpoint)# fqdn my-ldc-ca.example.com

Purpose: Includes the indicated FQDN in the Subject Alternative Name extension of the certificate during enrollment.

Step 5

Command: hostname(config-ca-trustpoint)# subject-name X.500_name

Example: hostname(config-ca-trustpoint)# subject-name cn=FW_LDC_SIGNER_172_23_45_200

Purpose: Includes the indicated subject DN in the certificate during enrollment.

Step 6

Command: hostname(config-ca-trustpoint)# keypair keyname

Example: hostname(config-ca-trustpoint)# keypair ldc_signer_key

Purpose: Specifies the key pair whose public key is to be certified.

Step 7

Command: hostname(config-ca-trustpoint)# exit

Purpose: Exits from the CA Trustpoint configuration mode.

Step 8

Command: hostname(config)# crypto ca enroll trustpoint

Example: hostname(config)# crypto ca enroll ldc_server

Purpose: Starts the enrollment process with the CA and specifies the name of the trustpoint to enroll with.
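Steps 3 through 8 above impose rules that a configuration review can check mechanically: proxy-ldc-issuer is only valid under a trustpoint with "enrollment self", and the LDC trustpoint should carry an fqdn, a subject-name and a keypair before enrollment. The following audit script is an added example written for this page, not Cisco code; the running-config excerpt it parses is constructed, with the second trustpoint deliberately breaking the enrollment-self rule.

```python
import re

# Constructed running-config excerpt (not from the manual): one trustpoint that
# follows steps 3-8, and one that breaks the rule that proxy-ldc-issuer may
# only be configured under a trustpoint with "enrollment self".
SAMPLE_CONFIG = """\
crypto ca trustpoint ldc_server
 enrollment self
 proxy-ldc-issuer
 fqdn my-ldc-ca.example.com
 subject-name cn=FW_LDC_SIGNER_172_23_45_200
 keypair ldc_signer_key
crypto ca trustpoint bad_ldc
 enrollment terminal
 proxy-ldc-issuer
 subject-name cn=BAD_SIGNER
crypto ca trustpoint ordinary_tp
 enrollment terminal
"""

def parse_trustpoints(config):
    """Map each 'crypto ca trustpoint <name>' to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^crypto ca trustpoint (\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # any unindented line ends the block
    return blocks

def audit_ldc_trustpoints(config):
    """Return {trustpoint: [problems]} for every trustpoint with proxy-ldc-issuer.
    An empty list means the trustpoint satisfies all checks."""
    findings = {}
    for name, cmds in parse_trustpoints(config).items():
        if "proxy-ldc-issuer" not in cmds:
            continue  # not an LDC issuer; the checks do not apply
        problems = []
        if "enrollment self" not in cmds:
            problems.append("proxy-ldc-issuer requires 'enrollment self'")
        for k in ("fqdn", "subject-name", "keypair"):
            if not any(c.startswith(k + " ") for c in cmds):
                problems.append(f"missing {k}")
        findings[name] = problems
    return findings
```

Run audit_ldc_trustpoints on the output of "show running-config" to list, per LDC trustpoint, which of the step 3-6 requirements are unmet before you issue crypto ca enroll.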
