Configuring digital certificates, Configuring key pairs – Cisco ASA 5505 User Manual

Page 827

Advertising
background image

41-9

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Configuring Digital Certificates

This section describes how to configure local CA certificates. Make sure that you follow the sequence
of tasks listed to correctly configure this type of digital certificate. This section includes the following
topics:

Configuring Key Pairs, page 41-9

Removing Key Pairs, page 41-10

Configuring Trustpoints, page 41-10

Configuring CRLs for a Trustpoint, page 41-13

Exporting a Trustpoint Configuration, page 41-15

Importing a Trustpoint Configuration, page 41-16

Configuring CA Certificate Map Rules, page 41-17

Obtaining Certificates Manually, page 41-18

Obtaining Certificates Automatically with SCEP, page 41-20

Configuring Proxy Support for SCEP Requests, page 41-21

Enabling the Local CA Server, page 41-22

Configuring the Local CA Server, page 41-23

Customizing the Local CA Server, page 41-25

Debugging the Local CA Server, page 41-26

Disabling the Local CA Server, page 41-26

Deleting the Local CA Server, page 41-26

Configuring Local CA Certificate Characteristics, page 41-27

Configuring Key Pairs

To generate key pairs, perform the following steps:

Command

Purpose

Step 1

crypto key generate rsa

Example:

hostname/contexta(config)# crypto key generate rsa

Generates one, general-purpose RSA key pair. The
default key modulus is 1024. To specify other
modulus sizes, use the modulus keyword.

Note

Many SSL connections using identity
certificates with RSA key pairs that exceed
1024 bits can cause high CPU usage on the
ASA and rejected clientless logins.

Step 2

crypto key generate rsa label

key-pair-label

Example:

hostname/contexta(config)# crypto key generate rsa

label exchange

(Optional) Assigns a label to each key pair. The label
is referenced by the trustpoint that uses the key pair.
If you do not assign a label, the key pair is
automatically labeled, Default-RSA-Key.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals