Configuring the local ca server – Cisco ASA 5505 User Manual

41-23

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

hostname (config-ca-server)# no shutdown

% Some server settings cannot be changed after CA certificate generation.

% Please enter a passphrase to protect the private key

% or type Return to exit

Password: caserver

Re-enter password: caserver

Keypair generation process begin. Please wait...

The following is sample output that shows local CA server configuration and status:

Certificate Server LOCAL-CA-SERVER:

Status: enabled

State: enabled

Server's configuration is locked (enter “shutdown” to unlock it)

Issuer name: CN=wz5520-1-16

CA certificate fingerprint/thumbprint: (MD5)

76dd1439 ac94fdbc 74a0a89f cb815acc

CA certificate fingerprint/thumbprint: (SHA1)

58754ffd 9f19f9fd b13b4b02 15b3e4be b70b5a83

Last certificate issued serial number: 0x6

CA certificate expiration timer: 14:25:11 UTC Jan 16 2008

CRL NextUpdate timer: 16:09:55 UTC Jan 24 2007

Current primary storage dir: flash:

Configuring the Local CA Server

To configure the local CA server, perform the following steps:

Command

Purpose

Step 1

crypto ca server

Example:

hostname (config)# crypto ca server

Enters local CA server configuration mode.
Generates the local CA.

Step 2

smtp from-address

e-mail_address

Example:

hostname (config-ca-server) # smtp from-address

[email protected]

Specifies the SMTP from-address, a valid e-mail
address that the local CA uses as a from address when
sending e-mail messages that deliver OTPs for an
enrollment invitation to users.