Configuring local ca certificate characteristics – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Configuring Local CA Certificate Characteristics

You can configure the following characteristics of local CA certificates:

The name of the certificate issuer as it appears on all user certificates.

The lifetime of the local CA certificates (server and user) and the CRL.

The length of the public and private keypairs associated with local CA and user certificates.

This section includes the following topics:

Configuring the Issuer Name, page 41-28

Configuring the CA Certificate Lifetime, page 41-28

Configuring the User Certificate Lifetime, page 41-29

Configuring the CRL Lifetime, page 41-30

Configuring the Server Keysize, page 41-30

Setting Up External Local CA File Storage, page 41-31

Downloading CRLs, page 41-33

Storing CRLs, page 41-34

Setting Up Enrollment Parameters, page 41-35

Adding and Enrolling Users, page 41-36

Renewing Users, page 41-38

Restoring Users, page 41-39

Removing Users, page 41-39

Revoking Certificates, page 41-40

Maintaining the Local CA Certificate Database, page 41-40

Rolling Over Local CA Certificates, page 41-40

Archiving the Local CA Server Certificate and Keypair, page 41-41

Command: no crypto ca server

Example:

hostname(config)# no crypto ca server

Purpose: Removes an existing local CA server (either enabled or disabled).

Note

Deleting the local CA server removes the configuration from the ASA. After the configuration has been deleted, it is unrecoverable.

Make sure that you also delete the associated local CA server database and configuration files (that is, all files with the wildcard name, LOCAL-CA-SERVER.*).

Command: clear configure crypto ca server

Example:

hostname(config)# clear config crypto ca server
