Cisco Systems OL-16647-01 manual Code-Signer Certificates, To Add the Identity Certificate, 33-11

Page 11

Chapter 33 Configuring Certificates

Code-Signer Certificates

To Add the Identity Certificate:

Step 1 In the Identity Certificates panel, click the Add button.

Step 2 In the Add Identity Certificate panel, select Add a new identity certificate.

Step 3 Optionally, change the key pair or create a new key pair. A key pair is required.

Step 4 Enter the Certificate Subject DN: information and click the Select... button.

Step 5 In the Certificate Subject DN panel, be sure to specify all of the subject DN attributes required by the CA involved. See Certificate Subject DN Attributes. Then click OK to close the Certificate Subject DN panel.

Step 6 In the Add Identity Certificate panel, click the Advanced... button.

Step 7 In the Advanced Options panel, verify that the FQDN: field is the correct FQDN of the security appliance and click OK to close the window.

Step 8 In the Add Identity Certificate panel, click the Add Certificate button at the bottom.

Step 9 When prompted to enter a name for the CSR, specify an easily-accessible file name of type text, such as c:\verisign-csr.txt.

Step 10 Send the CSR text file to the CA. Alternatively, you can paste the text file into the CSR enrollment page on the CA’s web site.
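The CSR file saved in Step 9 can be checked offline before it is sent in Step 10. The script below is an added example, not part of the Cisco guide; it assumes the `openssl` command-line tool on the administrator's workstation, and the function names, the sample subject and the required-attribute list are illustrative assumptions.

```shell
#!/bin/sh
# check_csr FILE FQDN ATTR...
#   FILE  CSR text file as saved in Step 9 (PEM PKCS#10)
#   FQDN  name checked in Step 7
#   ATTR  subject DN attributes the CA requires, as OpenSSL long names
# Returns 0 only if all checks pass; failures go to stderr.
check_csr() {
  local csr="$1" fqdn="$2" rc=0 subject attr
  shift 2

  # 1. The request must parse and its self-signature must verify; this
  #    catches truncation or edits picked up while copying the text.
  if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
    echo "FAIL: CSR unreadable or self-signature invalid" >&2
    return 1
  fi

  # 2. Each required attribute must be present in the subject DN.
  subject=$(openssl req -in "$csr" -noout -subject -nameopt multiline)
  for attr in "$@"; do
    if ! printf '%s\n' "$subject" | grep -Eq "^ *${attr} *= *[^ ]"; then
      echo "FAIL: subject DN lacks $attr" >&2
      rc=1
    fi
  done

  # 3. The expected FQDN must appear as a whole word somewhere in the
  #    request (subject or requested extensions).
  if ! openssl req -in "$csr" -noout -text | grep -Fqw -- "$fqdn"; then
    echo "FAIL: $fqdn not found in CSR" >&2
    rc=1
  fi
  return $rc
}

# Constructed sample standing in for the appliance's CSR (not real data).
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/C=US/O=Example Corp/CN=asa.example.com" -out "$1" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/sample-csr.txt"
# Required attribute list is an assumption; use the CA's own list.
check_csr "$tmp/sample-csr.txt" asa.example.com \
  commonName organizationName countryName && echo "CSR OK"
```

To check a real request, call `check_csr` with the path of the saved CSR file, the appliance FQDN, and the attribute names the CA lists.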

To install an Identity Certificate:

Step 1 When the CA returns the Identity Certificate to you, return to the Identity Certificates panel, select the pending certificate entry, and click the now active Install button.

Step 2 To assign the newly installed certificate for use with SSL VPN, navigate to the SSL Settings panel using the SSL Settings hot link in the text under the list of certificates.

Step 3 In the SSL Settings panel, double-click the interface to be assigned to the certificate. The Edit SSL Certificate panel opens.

Step 4 In the Edit SSL Certificate panel, select the certificate from the Certificate: pull-down list and click OK. Note that the selected Identity Certificate displays in the ID Certificate field to the right of the selected Interface field.

Step 5 Be sure to click the Apply button at the bottom of the SSL Settings panel to save the newly-installed certificate with the ASA configuration.

Code-Signer Certificates

Code signing appends a digital signature to the executable code itself. This digital signature provides enough information to authenticate the signer and to ensure that the code has not been modified since it was signed.

Code-signer certificates are special certificates whose associated private keys are used to create digital signatures. The certificates used to sign code are obtained from a CA, with the signed code itself revealing the certificate origin. You can import code-signer certificates with the Import button on this panel, or you can select the Java Code Signer panel at Configuration > Remote Access VPN > Clientless SSL VPN Access > Advanced > Java Code Signer.

The Code-signer Certificate Authentication panel allows you to:

Display details of an Identity Certificate. See Show Code-Signer Certificate Details.

 

 

Cisco Security Appliance Command Line Configuration Guide, OL-16647-01, 33-11

 

 

 

 

 
