Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

enrollment url url

Example:

hostname/contexta(config-ca-trustpoint)# enrollment url http://10.29.67.142:80/certsrv/mscep/mscep.dll

Requests automatic enrollment using SCEP with the
specified trustpoint and configures the enrollment
URL.

enrollment terminal

Example:

hostname/contexta(config-ca-trustpoint)# enrollment terminal

Requests manual enrollment with the specified
trustpoint by pasting the certificate received from the
CA into the terminal.

Step 3

revocation-check crl none

revocation-check crl

revocation-check none

Example:

hostname/contexta(config-ca-trustpoint)# revocation-check crl none

hostname/contexta(config-ca-trustpoint)# revocation-check crl

hostname/contexta(config-ca-trustpoint)# revocation-check none

Specifies the available CRL configuration options.

Note: To enable either required or optional CRL checking, make sure that you
configure the trustpoint for CRL management after obtaining certificates.

Step 4

crl configure

Example:

hostname/contexta(config-ca-trustpoint)# crl configure

Enters crl configuration mode.

Step 5

email address

Example:

hostname/contexta(config-ca-trustpoint)# email example.com

During enrollment, asks the CA to include the
specified e-mail address in the Subject Alternative
Name extension of the certificate.

Step 6

enrollment retry period

Example:

hostname/contexta(config-ca-trustpoint)# enrollment retry period 5

(Optional) Specifies a retry period in minutes, and
applies only to SCEP enrollment.

Step 7

enrollment retry count

Example:

hostname/contexta(config-ca-trustpoint)# enrollment retry count 2

(Optional) Specifies a maximum number of
permitted retries, and applies only to SCEP
enrollment.

Step 8

fqdn fqdn

Example:

hostname/contexta(config-ca-trustpoint)# fqdn example.com

During enrollment, asks the CA to include the
specified fully qualified domain name in the Subject
Alternative Name extension of the certificate.
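
The following audit script is an added example, not part of the Cisco guide. It reads a saved configuration and reports every trustpoint whose Step 3 setting is anything other than required CRL checking (revocation-check crl), labelling revocation-check crl none as optional and revocation-check none as disabled. It assumes trustpoint sub-commands appear indented under a "crypto ca trustpoint <name>" line; the trustpoint names and the sample configuration are constructed, and a trustpoint with no revocation-check line is reported as "unset" so the platform default can be checked by hand.

```python
import re

# Constructed sample in the style of an ASA running-config (not from the guide).
SAMPLE_CONFIG = """\
crypto ca trustpoint VPN-CA
 enrollment url http://10.29.67.142:80/certsrv/mscep/mscep.dll
 revocation-check crl
 crl configure
crypto ca trustpoint PARTNER-CA
 enrollment terminal
 revocation-check crl none
crypto ca trustpoint LAB-CA
 enrollment terminal
 revocation-check none
crypto ca trustpoint OLD-CA
 enrollment terminal
interface Vlan1
 nameif inside
"""

# Map the method list after "revocation-check" to the guide's terms.
POLICY = {("crl",): "required", ("crl", "none"): "optional", ("none",): "disabled"}

def parse_trustpoints(config):
    """Return {trustpoint name: [sub-command lines]} for each trustpoint block."""
    trustpoints, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto ca trustpoint (\S+)\s*$", line)
        if m:
            current = trustpoints.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line closes the block
    return trustpoints

def revocation_policy(subcommands):
    """Classify CRL checking as required, optional, disabled, unset or unknown."""
    for cmd in subcommands:
        words = cmd.split()
        if words[:1] == ["revocation-check"]:
            return POLICY.get(tuple(words[1:]), "unknown")
    return "unset"

def audit(config):
    """Return (name, policy) for every trustpoint whose CRL checking is not required."""
    return [(name, policy)
            for name, cmds in parse_trustpoints(config).items()
            if (policy := revocation_policy(cmds)) != "required"]
```

Calling audit(SAMPLE_CONFIG) lists PARTNER-CA, LAB-CA and OLD-CA; VPN-CA is omitted because its CRL check is required.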

Command Purpose
