Restoring users, Removing users – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Restoring Users

To restore a user and a previously revoked certificate that was issued by the local CA server, perform the following steps:

| | Command | Purpose |
|---|---|---|
| Step 1 | crypto ca server Example: hostname(config)# crypto ca server | Enters local CA server configuration mode. Allows you to configure and manage a local CA. |
| Step 2 | crypto ca server unrevoke cert-serial-no Example: hostname(config)# crypto ca server unrevoke 782ea09f | Restores a user and unrevokes a previously revoked certificate that was issued by the local CA server. The local CA maintains a current CRL with serial numbers of all revoked user certificates. This list is available to external devices and can be retrieved directly from the local CA if it is configured to do so with the cdp-url command and the publish-crl command. When you revoke (or unrevoke) any current certificate by certificate serial number, the CRL automatically reflects these changes. |

Removing Users

To delete a user from the user database by username, perform the following steps:

| | Command | Purpose |
|---|---|---|
| Step 1 | crypto ca server Example: hostname(config)# crypto ca server | Enters local CA server configuration mode. Allows you to configure and manage a local CA. |
| Step 2 | crypto ca server user-db remove username Example: hostname(config)# crypto ca server user-db remove user1 | Removes a user from the user database and allows revocation of any valid certificates that were issued to that user. |
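
One way to confirm from a relying device's side that the published CRL reflects a revoke or unrevoke, as described in the Restoring Users procedure above. This is an added example, not part of the Cisco guide: it assumes the CRL has already been retrieved and dumped with `openssl crl -text -noout`, and the CRL text, issuer name, dates and serial 0A1B are constructed samples (782ea09f is the serial from the example above).

```python
# Constructed sample of `openssl crl -text -noout` output (not from a real ASA).
CRL_BEFORE = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = constructed-local-ca.example
        Last Update: Jan 10 08:00:00 2024 GMT
        Next Update: Jan 10 14:00:00 2024 GMT
Revoked Certificates:
    Serial Number: 782EA09F
        Revocation Date: Jan  9 17:30:00 2024 GMT
    Serial Number: 0A1B
        Revocation Date: Jan  2 09:00:00 2024 GMT
"""
# Constructed "after unrevoke" CRL: the same list without the 782EA09F entry.
CRL_AFTER = CRL_BEFORE.replace(
    "    Serial Number: 782EA09F\n"
    "        Revocation Date: Jan  9 17:30:00 2024 GMT\n", "")


def parse_crl_text(text):
    """Return (next_update, {serial_as_int: revocation_date}) from CRL text."""
    next_update, revoked, serial = None, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Next Update:"):
            next_update = line.split(":", 1)[1].strip()
        elif line.startswith("Serial Number:"):
            # Tolerate colon-separated hex by stripping the separators.
            serial = int(line.split(":", 1)[1].replace(":", "").strip(), 16)
            revoked[serial] = None
        elif line.startswith("Revocation Date:") and serial is not None:
            revoked[serial] = line.split(":", 1)[1].strip()
    return next_update, revoked


def revocation_status(crl_text, serial_hex):
    """Compare serials as integers so case and leading zeros do not matter."""
    next_update, revoked = parse_crl_text(crl_text)
    serial = int(serial_hex, 16)
    return {"revoked": serial in revoked,
            "revocation_date": revoked.get(serial),
            "crl_next_update": next_update}


if __name__ == "__main__":
    for label, crl in (("before unrevoke", CRL_BEFORE), ("after unrevoke", CRL_AFTER)):
        print(label, revocation_status(crl, "782ea09f"))
```

The Next Update value is returned because a device that cached the earlier CRL keeps treating the serial as revoked until it fetches a newer list.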
