Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Step 9

Command: ip-address ip-address
Example: hostname/contexta(config-ca-trustpoint)# ip-address 10.10.100.1
Purpose: During enrollment, asks the CA to include the IP address of the ASA in the certificate.

Step 10

Command: keypair name
Example: hostname/contexta(config-ca-trustpoint)# keypair exchange
Purpose: Specifies the key pair whose public key is to be certified.

Step 11

Command: match certificate map-name override ocsp
Example: hostname/contexta(config-ca-trustpoint)# match certificate examplemap override ocsp
Purpose: Configures OCSP URL overrides and trustpoints to use for validating OCSP responder certificates.

Step 12

Command: ocsp disable-nonce
Example: hostname/contexta(config-ca-trustpoint)# ocsp disable-nonce
Purpose: Disables the nonce extension on an OCSP request. The nonce extension cryptographically binds requests with responses to avoid replay attacks.

Step 13

Command: ocsp url
Example: hostname/contexta(config-ca-trustpoint)# ocsp url
Purpose: Configures an OCSP server for the ASA to use to check all certificates associated with a trustpoint rather than the server specified in the AIA extension of the client certificate.

Step 14

Command: password string
Example: hostname/contexta(config-ca-trustpoint)# password mypassword
Purpose: Specifies a challenge phrase that is registered with the CA during enrollment. The CA usually uses this phrase to authenticate a subsequent revocation request.

Step 15

Command: revocation check
Example: hostname/contexta(config-ca-trustpoint)# revocation check
Purpose: Sets one or more methods for revocation checking: CRL, OCSP, and none.

Step 16

Command: subject-name X.500 name
Example: hostname/contexta(config-ca-trustpoint)# subject-name X.500 examplename
Purpose: During enrollment, asks the CA to include the specified subject DN in the certificate. If a DN string includes a comma, enclose the value string within double quotes (for example, O="Company, Inc.").
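The revocation settings from Steps 12 and 15 can be reviewed across a saved configuration. The following Python check is an added example, not part of the Cisco guide: it flags trustpoints that carry "ocsp disable-nonce" or list "none" among their revocation methods. The sample configuration is constructed, and the "crypto ca trustpoint" block layout and the hyphenated "revocation-check" spelling are assumptions (the page prints "revocation check").

```python
import re

# Constructed sample, not taken from a real device. The "crypto ca trustpoint"
# header and the hyphenated "revocation-check" spelling are assumptions about
# how the configuration is stored; the page itself prints "revocation check".
SAMPLE_CONFIG = """\
crypto ca trustpoint Main
 keypair exchange
 ocsp disable-nonce
 revocation-check ocsp none
crypto ca trustpoint Partner
 revocation-check crl ocsp
crypto ca trustpoint Lab
 keypair exchange
"""

HEADER = re.compile(r"^crypto ca trustpoint (\S+)\s*$")
REVOCATION = re.compile(r"^revocation[- ]check\s+(.*)$")

def parse_trustpoints(text):
    """Return {trustpoint name: [sub-command lines]} from config text."""
    trustpoints, current = {}, None
    for raw in text.splitlines():
        header = HEADER.match(raw)
        if header:
            current = trustpoints.setdefault(header.group(1), [])
        elif current is not None and raw[:1].isspace() and raw.strip():
            current.append(raw.strip())  # indented line belongs to the block
        else:
            current = None  # blank or unindented line closes the block
    return trustpoints

def audit(text):
    """Return sorted (trustpoint, finding) pairs for weak revocation settings."""
    findings = []
    for name, lines in parse_trustpoints(text).items():
        methods = None
        for line in lines:
            if line == "ocsp disable-nonce":  # Step 12: replay protection off
                findings.append((name, "OCSP nonce disabled"))
            match = REVOCATION.match(line)
            if match:  # Step 15: methods are crl, ocsp and none
                methods = match.group(1).split()
        if methods is None:
            findings.append((name, "no revocation-check line"))
        elif methods == ["none"]:
            findings.append((name, "revocation checking is none only"))
        elif "none" in methods:
            findings.append((name, "revocation methods include none"))
    return sorted(findings)
```

Run audit() over the text of a saved configuration; an empty list means none of the three conditions was found.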