Licensing requirements for digital certificates, Prerequisites for local certificates, Prerequisites for scep proxy support – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates


Figure 41-1 The Local CA

Licensing Requirements for Digital Certificates

The following table shows the licensing requirements for this feature:

Prerequisites for Local Certificates

Local certificates have the following prerequisites:

Make sure that the ASA is configured correctly to support certificates. An incorrectly configured
ASA can cause enrollment to fail, or can request a certificate that includes inaccurate information.

Make sure that the hostname and domain name of the ASA are configured correctly. To view the
currently configured hostname and domain name, enter the show running-config command. For
information about configuring the hostname and domain name, see the “Configuring the Hostname,
Domain Name, and Passwords” section on page 10-1.

Make sure that the ASA clock is set accurately before configuring the CA. Certificates have a date
and time that they become valid and expire. When the ASA enrolls with a CA and obtains a
certificate, the ASA checks that the current time is within the valid range for the certificate. If it is
outside that range, enrollment fails.
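
The checks above can be run as a short ASA CLI session before configuring the CA. This is an added example, not part of the original guide; the hostname asa-example, the domain example.com, and the NTP server 192.0.2.10 are placeholder values.

```text
! Constructed example: asa-example, example.com and 192.0.2.10 are placeholders.

! 1. Check the hostname and domain name currently configured on the ASA.
show running-config | include hostname|domain-name

! 2. Check the current date and time, and whether the clock is NTP-synchronized.
show clock detail
show ntp status

! 3. Correct anything that is wrong before configuring the CA.
configure terminal
 hostname asa-example
 domain-name example.com
 ntp server 192.0.2.10
 end

! Without an NTP server, set the time manually from privileged EXEC instead:
! clock set 14:30:00 15 March 2024

! 4. Confirm the time again once NTP has synchronized, then proceed to enrollment.
show clock detail
```

A clock that has fallen back to a default date sits before the start of a new certificate's validity period, which is the out-of-range condition that makes enrollment fail.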

Prerequisites for SCEP Proxy Support

Configuring the ASA as a proxy to submit requests for third-party certificates has the following
requirements:

AnyConnect Secure Mobility Client 3.0 or later must be running at the endpoint.

The authentication method, configured in the connection profile for your group policy, must be set
to use both AAA and certificate authentication.

[Figure 41-1 labels: Security Device with Local CA Configured; ASDM and CLI configuration and management; User Enrollment Webpage for PKCS12 Users Certificate Enrollment and Retrieval; HTTP CRL retrieval; Local Database in flash memory or Mounted external file system (CIFS or FTP)]

Model        License Requirement
All models   Base License.
