Customizing the local ca server – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Customizing the Local CA Server

To configure a customized local CA server, perform the following steps:

Command

Purpose

Step 1

crypto ca server

Example:

hostname(config)# crypto ca server

Enters local CA server configuration mode. Allows
you to configure and manage a local CA.

Step 2

issuer-name DN-string

Example:

hostname(config-ca-server)# issuer-name cn=xx5520,cn=30.132.0.25,ou=DevTest,ou=QA,o=ASC Systems

Specifies parameters that do not have default values.

Step 3

smtp subject subject-line

Example:

hostname(config-ca-server)# smtp subject Priority E-Mail: Enclosed Confidential Information is Required for Enrollment

Customizes the text that appears in the subject field
of all e-mail messages sent from the local CA server.

Step 4

smtp from-address e-mail_address

Example:

hostname(config-ca-server)# smtp from-address [email protected]

Specifies the e-mail address that is to be used as the
From: field of all e-mail messages that are generated
by the local CA server.

Step 5

subject-name-default dn

Example:

hostname(config-ca-server)# subject-name-default cn=engineer, o=ASC Systems, c=US

Specifies an optional subject-name DN to be
appended to a username on issued certificates. The
default subject-name DN becomes part of the
username in all user certificates issued by the local
CA server.

The allowed DN attribute keywords are as follows:

C = Country

CN = Common Name

EA = E-mail Address

L = Locality

O = Organization Name

OU = Organization Unit

ST = State/Province

SN = Surname

Note

If you do not specify a subject-name-default
to serve as a standard subject-name default,
you must specify a DN each time that you
add a user.
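
A pre-flight check for the DN passed to subject-name-default in Step 5, as an added example that is not part of the Cisco guide. The allowed keywords come from the list above; the parsing rules (comma-separated attr=value pairs, no escaped commas) and the function names are assumptions.

```python
# Added example: lint a subject-name-default DN before entering it on the CLI.
# ALLOWED mirrors the keyword list on this page; the parsing rules
# (comma-separated attr=value pairs, no escaped commas) are an assumption.
ALLOWED = {"C": "Country", "CN": "Common Name", "EA": "E-mail Address",
           "L": "Locality", "O": "Organization Name",
           "OU": "Organization Unit", "ST": "State/Province", "SN": "Surname"}


def parse_dn(dn):
    """Split a DN string into (keyword, value) pairs, keywords upper-cased."""
    pairs = []
    for part in dn.split(","):
        part = part.strip()
        if not part:
            raise ValueError("empty DN component")
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"component {part!r} is not attr=value")
        pairs.append((key.strip().upper(), value.strip()))
    return pairs


def lint_subject_name_default(dn):
    """Return a list of problems; an empty list means the DN passed."""
    try:
        pairs = parse_dn(dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for key, value in pairs:
        if key not in ALLOWED:
            problems.append(f"keyword {key!r} is not in the allowed list")
        if not value:
            problems.append(f"keyword {key!r} has an empty value")
    return problems


def render_command(dn):
    """Build the CLI line only if the DN passes the lint."""
    problems = lint_subject_name_default(dn)
    if problems:
        raise ValueError("; ".join(problems))
    pairs = parse_dn(dn)
    return "subject-name-default " + ", ".join(f"{k.lower()}={v}" for k, v in pairs)


if __name__ == "__main__":
    for candidate in ("cn=engineer, o=ASC Systems, c=US",  # example from this page
                      "cn=engineer, dc=example, o="):        # constructed bad input
        print(candidate, "->", lint_subject_name_default(candidate) or "ok")
```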
