Adding a certificate revocation list issuer – Cisco 3.3 User Manual

Page 422

Advertising
background image

Chapter 10 System Configuration: Authentication and Certificates

Cisco Secure ACS Certificate Setup

10-42

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Retrieve CRL every—The quantity and period of time that Cisco Secure
ACS should wait between retrieving a CRL. For example 10 Days or 2
Months.

Retrieve on “Submit”—Selecting this option causes Cisco Secure ACS to
immediately attempt to contact the distribution URL and obtain the current
CRL when the new CRL request page is submitted for processing. We
recommend that you select this option when first obtaining a CRL to ensure
that the CRL is obtained successfully.

The Certificate Revocation List Issuers edit page also contains a line, at the
bottom of the table, titled Last Retrieve date:. This entry lists the status and the
date and time of the last CRL retrieval or retrieval attempt.

Adding a Certificate Revocation List Issuer

Before You Begin

Before adding a CRL issuer to Cisco Secure ACS, you should ensure that you
have listed the corresponding CA on the system’s CTL, and you have determined
the URL of the CRL distribution repository for the appropriate issuer and class of
certificate. For the automatic CRL retrieval function to operate, ensure that you
have enabled EAP-TLS.

To add a certificate revocation list issuer to Cisco Secure ACS, follow these steps:

Step 1

In the navigation bar, click System Configuration.

Step 2

Click ACS Certificate Setup.

Step 3

Click Certificate Revocation Lists.

Cisco Secure ACS displays the CRL Issuers edit page.

Step 4

Click Add.

Step 5

In the Name box, type a name for this CRL issuer.

Step 6

In the Description box, type a description for this CRL issuer.

Step 7

In the Issuer’s Certificate box, use the drop-down arrow to select from the list the
CA certificate associated with this CRL issuer.

Advertising