Declaring and authenticating a ca trust point, Configuring dns – Cisco ASA 5505 User Manual

Page 1820

Advertising
background image

80-8

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 80 Configuring Anonymous Reporting and Smart Call Home

Configuring Anonymous Reporting and Smart Call Home

Declaring and Authenticating a CA Trust Point

If Smart Call Home is configured to send messages to a web server through HTTPS, you need to
configure the ASA to trust the certificate of the web server or the certificate of the Certificate Authority
(CA) that issued the certificate. The Cisco Smart Call Home Production server certificate is issued by
Verisign. The Cisco Smart Call Home Staging server certificate is issued by Digital Signature Trust Co.

Detailed Steps

To declare and authenticate the Cisco server security certificate and establish communication with the
Cisco HTTPS server for Smart Call Home service, perform this task:

Configuring DNS

You must configure DNS so that the HTTPS URLs in the Smart Call Home profile can successfully
resolve.

To configure DNS, perform the following tasks:

Step 1

crypto ca truspoint

trustpoint-name

Example:

hostname(config)# crypto ca trustpoint cisco

Configures a trustpoint and prepares for certificate
enrollment.

Note

If you use HTTP as the transport method,
you must install a security certificate
through a trustpoint, which is required for
HTTPS. Find the specific certificate to
install at the following URL:

http://www.cisco.com/en/US/docs/switches/lan
/smart_call_home/SCH31_Ch6.html#wp10353
80

Step 2

enroll terminal

Example:

hostname(ca-trustpoint)# enroll terminal

Specifies a manual cut-and-paste method of
certificate enrollment.

Step 3

exit

hostname(ca-trustpoint)# exit

Exits CA trustpoint configuration mode and returns
to global configuration mode.

Step 4

crypto ca authenticate

trustpoint

Example:

hostname(ca-trustpoint)# crypto ca authenticate

cisco

Authenticates the named CA. The CA name should
match the trust point name specified in the crypto ca
trustpoint
command. At the prompt, paste the
security certificate text.

Step 5

quit

Example:

hostname(ca-trustpoint)# quit

%Do you accept this certificate [yes/no]:

yes

Specifies the end of the security certificate text and
confirms acceptance of th entered security
certificate.

Advertising