Obtaining certificates manually – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 41 Configuring Digital Certificates (page 41-18)

Obtaining Certificates Manually

To obtain certificates manually, perform the following steps:

Step 1: crypto ca authenticate trustpoint

Example:

hostname(config)# crypto ca authenticate Main
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
MIIDRTCCAu+gAwIBAgIQKVcqP/KW74VP0NZzL+JbRTANBgkqhkiG9w0BAQUFADCB
[ certificate data omitted ]
/7QEM8izy0EOTSErKu7Nd76jwf5e4qttkQ==
quit
INFO: Certificate has the following attributes:
Fingerprint: 24b81433 409b3fd5 e5431699 8d490d34
Do you accept this certificate? [yes/no]: y
Trustpoint CA certificate accepted.
% Certificate successfully imported

Purpose: Imports the CA certificate for the configured trustpoint. Before answering yes, compare the displayed fingerprint with the value the CA publishes through an independent channel; accepting the certificate makes that CA the trust anchor for the trustpoint.

Note: This step assumes that you have already obtained a base-64 encoded CA certificate from the CA represented by the trustpoint.

Whether a trustpoint requires that you manually obtain certificates is determined by the use of the enrollment terminal command when you configure the trustpoint. For more information, see the "Configuring Trustpoints" section on page 41-10.

Step 2: crypto ca enroll trustpoint

Example:

hostname(config)# crypto ca enroll Main
% Start certificate enrollment ..
% The fully-qualified domain name in the certificate will be: securityappliance.example.com
% Include the device serial number in the subject name? [yes/no]: n
Display Certificate Request to terminal? [yes/no]: y
Certificate Request follows:
MIIBoDCCAQkCAQAwIzEhMB8GCSqGSIb3DQEJAhYSRmVyYWxQaXgu Y2lzY28uY29t
[ certificate request data omitted ]
jF4waw68eOxQxVmdgMWeQ+RbIOYmvt8g6hnBTrd0GdqjjVLt
---End - This line not part of the certificate request---
Redisplay enrollment request? [yes/no]: n

Purpose: Enrolls the ASA with the trustpoint. Generates a certificate request (the ASA does not produce the certificate itself; the CA does) for the signing key and, depending on the type of keys that you have configured, a second request for the encryption key.

If you use separate RSA keys for signing and encryption, the crypto ca enroll command displays two certificate requests, one for each key. If you use general-purpose RSA keys for both signing and encryption, the crypto ca enroll command displays one certificate request.

To complete enrollment, obtain a certificate for every certificate request generated by the crypto ca enroll command from the CA represented by the applicable trustpoint. Make sure that the certificate is in base-64 format.
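Both steps above move base-64 material across a terminal by hand: the CA certificate pasted in Step 1, which becomes a trust anchor the moment you answer yes, and the certificate request copied out in Step 2. The Python below is an added example, not code from the Cisco guide, and uses only the standard library. It turns a PEM or bare base-64 blob into DER, checks the outer DER length so a truncated or over-pasted blob is caught before it reaches the ASA or the CA, computes the fingerprint in the four-word layout of the Step 1 output, and rewraps a terminal-captured request as a PEM file for the CA. Assumptions: the Fingerprint line is an MD5 digest over the DER certificate (verify against show crypto ca certificates on your release), and the BEGIN/END lines are stripped before pasting, which is the conservative reading of the prompt. SAMPLE_DER is a constructed five-byte ASN.1 SEQUENCE, not a real certificate.

```python
"""Helpers for the manual (enrollment terminal) certificate flow on an ASA.

Added example, not from the Cisco guide. Standard library only.
"""
import base64
import hashlib
import re
import textwrap

# Matches any PEM block (CERTIFICATE, CERTIFICATE REQUEST, ...) and captures the body.
PEM_RE = re.compile(r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", re.S)

# Constructed placeholder: DER for SEQUENCE { INTEGER 5 }. Not a certificate.
SAMPLE_DER = bytes.fromhex("3003020105")


def pem_body_to_der(text):
    """Return DER bytes from PEM text (with or without BEGIN/END lines) or from a
    bare base-64 blob copied out of a terminal session, tolerating line wraps."""
    match = PEM_RE.search(text)
    body = match.group(1) if match else text
    body = "".join(body.split())  # drop newlines, spaces and tabs
    return base64.b64decode(body, validate=True)


def der_length_ok(der):
    """Check that the outer SEQUENCE header of a DER certificate or CSR agrees
    with the number of bytes present. A paste that lost a line or gained one
    fails here, which is cheaper than a rejection from the ASA or the CA."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:  # short-form length
        header, length = 2, first
    else:  # long-form length: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header = 2 + n
        length = int.from_bytes(der[2:header], "big")
    return header + length == len(der)


def asa_fingerprint(der):
    """MD5 over the DER encoding, printed as four 8-hex-digit words, the layout
    of the Fingerprint line in the crypto ca authenticate output.
    Assumption: that line is an MD5 digest of the certificate."""
    digest = hashlib.md5(der).hexdigest()
    return " ".join(digest[i:i + 8] for i in range(0, 32, 8))


def fingerprint_matches(shown, published):
    """Compare the ASA's fingerprint with the CA-published one, ignoring
    case and separators (spaces vs. colons)."""
    def norm(s):
        return re.sub(r"[^0-9a-f]", "", s.lower())
    return norm(shown) == norm(published)


def terminal_paste(der):
    """Base-64 body, 64 characters per line, terminated by 'quit' as the
    crypto ca authenticate prompt requires. BEGIN/END lines are omitted."""
    b64 = base64.b64encode(der).decode()
    return "\n".join(textwrap.wrap(b64, 64) + ["quit"])


def csr_from_terminal(capture):
    """Extract the request between 'Certificate Request follows:' and the
    '---End' marker printed by crypto ca enroll, validate it, and wrap it as
    PEM for submission to the CA."""
    match = re.search(r"Certificate Request follows:\s*(.*?)\s*---End", capture, re.S)
    if not match:
        raise ValueError("no certificate request found in capture")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if not der_length_ok(der):
        raise ValueError("certificate request is truncated or corrupt")
    lines = textwrap.wrap(base64.b64encode(der).decode(), 64)
    return "\n".join(["-----BEGIN CERTIFICATE REQUEST-----"] + lines
                     + ["-----END CERTIFICATE REQUEST-----"])


if __name__ == "__main__":
    print(terminal_paste(SAMPLE_DER))
    print("Fingerprint:", asa_fingerprint(SAMPLE_DER))
```

In practice you would run pem_body_to_der and der_length_ok on the CA file before Step 1, compare asa_fingerprint of that file with what the ASA prints, and feed the session log of Step 2 to csr_from_terminal; if the ASA displayed two requests (separate signing and encryption keys), run it once per request.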
