Renewing users – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Renewing Users

To specify the timing of renewal notices, perform the following steps:

Step 1

Command: crypto ca server

Example:
hostname(config)# crypto ca server

Purpose: Enters local CA server configuration mode. Allows you to configure and manage a local CA.

Step 2

Command: renewal-reminder time

Example:
hostname(config-ca-server)# renewal-reminder 7

Purpose: Specifies the number of days (1-90) before the local CA certificate expires that an initial reminder to reenroll is sent to certificate owners. If a certificate expires, it becomes invalid.

Renewal notices and the times they are e-mailed to
users are variable, and can be configured by the
administrator during local CA server configuration.

Three reminders are sent. An e-mail is automatically
sent to the certificate owner for each of the three
reminders, provided an e-mail address is specified in
the user database. If no e-mail address exists for the
user, a syslog message alerts you of the renewal
requirement.

The ASA automatically grants certificate renewal
privileges to any user who holds a valid certificate
that is about to expire, as long as the user still exists
in the user database. Therefore, if an administrator
does not want to allow a user to renew automatically,
the administrator must remove the user from the
database before the renewal time period.
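The following added example (not part of the Cisco guide) turns the rules above into a review of a user list: it computes each user's first-reminder date from the renewal-reminder value, flags users with no e-mail address, and lists accounts that must be removed before they can renew. The record layout, the sample users, the NO_RENEW list, and the assumption that the renewal period opens on the first-reminder date are all constructed for illustration.

```python
from datetime import date, timedelta

RENEWAL_REMINDER_DAYS = 7  # value from the page's example: renewal-reminder 7

# Constructed sample data: (username, e-mail or None, certificate expiry date).
# The record layout is an assumption, not ASA output.
USER_DB = [
    ("alice", "alice@example.com", date(2024, 7, 1)),
    ("bob", None, date(2024, 6, 12)),
    ("carol", "carol@example.com", date(2024, 6, 10)),
    ("dave", "dave@example.com", date(2024, 9, 30)),
]
# Constructed list of accounts the administrator does not want to renew.
NO_RENEW = {"carol", "dave"}


def review(user_db, no_renew, reminder_days, today):
    """Return one finding dict per user, sorted by first-reminder date."""
    if not 1 <= reminder_days <= 90:
        raise ValueError("renewal-reminder accepts 1-90 days")
    findings = []
    for username, email, expires in user_db:
        # Assumption: the renewal period opens when the first reminder is due.
        first_reminder = expires - timedelta(days=reminder_days)
        if today > expires:
            state = "expired"            # an expired certificate is invalid
        elif today >= first_reminder:
            state = "in-renewal-period"
        else:
            state = "valid"
        actions = []
        if email is None and state != "expired":
            actions.append("no e-mail address: reminder appears only in syslog")
        if username in no_renew and state == "in-renewal-period":
            actions.append("already in renewal period: remove from user database now")
        elif username in no_renew and state == "valid":
            actions.append(f"remove from user database before {first_reminder}")
        findings.append({"user": username, "state": state,
                         "first_reminder": first_reminder, "actions": actions})
    return sorted(findings, key=lambda f: f["first_reminder"])


if __name__ == "__main__":
    for f in review(USER_DB, NO_RENEW, RENEWAL_REMINDER_DAYS, date(2024, 6, 5)):
        print(f["user"], f["state"], f["first_reminder"], "; ".join(f["actions"]))
```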
