Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Examples

The following example shows how to configure and enable the local CA server using the predefined
default values for all required parameters:

hostname (config)# crypto ca server
hostname (config-ca-server)# smtp from-address [email protected]
hostname (config-ca-server)# subject-name-default cn=engineer, o=asc Systems, c=US
hostname (config-ca-server)# no shutdown

Step 3

Command: subject-name-default dn

Example:
hostname (config-ca-server)# subject-name-default cn=engineer, o=asc systems, c="US"

Purpose: (Optional) Specifies the subject-name DN that is appended to each username on issued certificates.

The subject-name DN and the username combine to form the DN in all user certificates that are issued by the local CA server. If you do not specify a subject-name DN, you must specify the exact subject name DN to be included in a user certificate each time that you add a user to the user database.

Note: Make sure that you review all optional parameters carefully before you enable the configured local CA, because you cannot change issuer-name and keysize server values after you enable the local CA for the first time.

Step 4

Command: no shutdown

Example:
hostname (config-ca-server)# no shutdown

Purpose: Creates the self-signed certificate and associates it with the local CA on the ASA. The self-signed certificate key usage extension has key encryption, key signature, CRL signing, and certificate signing capabilities.

Note: After the self-signed local CA certificate has been generated, to change any characteristics, you must delete the existing local CA server and completely recreate it.

The local CA server keeps track of user certificates, so the administrator can revoke or restore privileges as needed.
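An added example, not part of the Cisco guide: a Python pre-check to run over a candidate local CA configuration before it is entered on the ASA. It flags the issuer-name and keysize server values that the Note under Step 3 says cannot be changed after the first enable. The sample configuration, its e-mail address and the function names are constructed for illustration.

```python
import re

# Values the page says cannot be changed once the local CA has been enabled.
IMMUTABLE = ("issuer-name", "keysize server")

# Constructed sample (not from the page): a candidate local CA configuration.
SAMPLE_CONFIG = """\
crypto ca server
 smtp from-address ca-admin@example.com
 subject-name-default cn=engineer, o=asc Systems, c=US
 no shutdown
"""

PROMPT = re.compile(r"^\S*\s*\([\w-]+\)\s*#\s*")  # e.g. 'hostname(config-ca-server)# '


def ca_server_block(config):
    """Return the commands entered under 'crypto ca server', prompts removed."""
    block, inside = [], False
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        if not line or line.startswith("!"):
            continue
        if line == "crypto ca server":
            inside = True
        elif inside and (raw[:1].isspace() or "(config-ca-server)" in raw):
            block.append(line)
        elif inside:
            break  # left the CA server sub-mode
    return block


def preflight(config):
    """List what to review before 'no shutdown' enables the CA for the first time."""
    cmds = ca_server_block(config)
    missing = [p for p in IMMUTABLE if not any(c.startswith(p + " ") for c in cmds)]
    findings = [f"{p}: not set explicitly; cannot be changed after first enable"
                for p in missing]
    if not any(c.startswith("subject-name-default ") for c in cmds):
        findings.append("subject-name-default: not set; give the full subject DN per user")
    if missing and "no shutdown" in cmds:
        findings.append("no shutdown: would enable the CA with unreviewed defaults")
    return findings


if __name__ == "__main__":
    for finding in preflight(SAMPLE_CONFIG):
        print("REVIEW", finding)
```

The check accepts either running-config style (indented sub-commands) or a pasted CLI transcript with prompts.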
