Installing certificates – Cisco ASA 5505 User Manual


51-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 51 Configuring Cisco Unified Presence

Configuring Cisco Unified Presence Proxy for SIP Federation

What to Do Next

Install the certificate on the local entity truststore. You could also enroll the certificate with a local CA trusted by the local entity. See the “Installing Certificates” section on page 51-10.

Installing Certificates

Export the self-signed certificate for the ASA created in the “Creating Trustpoints and Generating Certificates” section on page 51-9 and install it as a trusted certificate on the local entity. This task is necessary for the local entity to authenticate the ASA.

Prerequisites

To create a proxy certificate on the ASA that is trusted by the remote entity, obtain a certificate from a trusted CA. For information about obtaining a certificate from a trusted CA, see the “Configuring Digital Certificates” section on page 41-9.

Detailed Steps (Command / Purpose)

Step 1
Command:
  hostname(config)# crypto key generate rsa label key-pair-label modulus size
Example:
  crypto key generate rsa label ent_y_proxy_key modulus 1024
  INFO: The name for the keys will be: ent_y_proxy_key
  Keypair generation process begin. Please wait...
  hostname(config)#
Purpose:
  Creates the RSA keypair that can be used for the trustpoints.
  The keypair is used by the self-signed certificate presented to the local domain containing the Cisco UP (proxy for the remote entity).

Step 2
Command:
  hostname(config)# crypto ca trustpoint trustpoint_name
Example:
  hostname(config)# crypto ca trustpoint ent_y_proxy
Purpose:
  Enters the trustpoint configuration mode for the specified trustpoint so that you can create the trustpoint for the remote entity.
  A trustpoint represents a CA identity and possibly a device identity, based on a certificate issued by the CA.

Step 3
Command:
  hostname(config-ca-trustpoint)# enrollment self
Purpose:
  Generates a self-signed certificate.

Step 4
Command:
  hostname(config-ca-trustpoint)# fqdn none
Purpose:
  Specifies not to include a fully qualified domain name (FQDN) in the Subject Alternative Name extension of the certificate during enrollment.

Step 5
Command:
  hostname(config-ca-trustpoint)# subject-name X.500_name
Example:
  hostname(config-ca-trustpoint)# subject-name cn=Ent-Y-Proxy
Purpose:
  Includes the indicated subject DN in the certificate during enrollment.

Step 6
Command:
  hostname(config-ca-trustpoint)# keypair keyname
Example:
  hostname(config-ca-trustpoint)# keypair ent_y_proxy_key
Purpose:
  Specifies the key pair whose public key is to be certified.

Step 7
Command:
  hostname(config-ca-trustpoint)# exit
Purpose:
  Exits from the CA Trustpoint configuration mode.

Step 8
Command:
  hostname(config)# crypto ca enroll trustpoint
Example:
  hostname(config)# crypto ca enroll ent_y_proxy
Purpose:
  Starts the enrollment process with the CA and specifies the name of the trustpoint to enroll with.
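The eight steps above, collected into one ASA CLI session, followed by the export step the introduction calls for (getting the self-signed certificate out of the ASA so it can be installed in the local entity's truststore). This is an added example written for this page, not a session from the Cisco guide; it reuses the guide's names (ent_y_proxy_key, ent_y_proxy, cn=Ent-Y-Proxy) but chooses a 2048-bit modulus instead of the 1024 shown in the guide's example, because a 1024-bit RSA key is below current minimums. The "show" and "export" commands after enrollment are standard ASA commands added here as a verification step; the exact confirmation prompt text is not reproduced.

```cisco
! 1. RSA key pair for the proxy trustpoint (2048 chosen here; guide example shows 1024)
hostname(config)# crypto key generate rsa label ent_y_proxy_key modulus 2048

! 2.-7. Trustpoint that will hold the self-signed proxy certificate
hostname(config)# crypto ca trustpoint ent_y_proxy
hostname(config-ca-trustpoint)# enrollment self
hostname(config-ca-trustpoint)# fqdn none
hostname(config-ca-trustpoint)# subject-name cn=Ent-Y-Proxy
hostname(config-ca-trustpoint)# keypair ent_y_proxy_key
hostname(config-ca-trustpoint)# exit

! 8. Enroll; with "enrollment self" the ASA asks whether to generate
!    the self-signed certificate. Answer yes.
hostname(config)# crypto ca enroll ent_y_proxy

! Verification (added): confirm the subject DN, key size and validity period
! before handing the certificate to the local entity.
hostname(config)# show crypto ca certificates ent_y_proxy

! Export (added): prints the identity certificate in PEM form on the terminal.
! Copy the BEGIN/END CERTIFICATE block into the local entity's truststore.
hostname(config)# crypto ca export ent_y_proxy identity-certificate
```

Because the certificate is self-signed, the local entity trusts it only by pinning this exact certificate in its truststore, so re-running "crypto ca enroll" (which produces a new certificate) requires re-installing the exported copy on the local entity. Compare the fingerprint shown by "show crypto ca certificates" with the one the local entity reports after import to confirm the right certificate was installed.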
