Cisco Systems OL-16647-01 manual Deleting the Local CA Server, 33-17

Chapter 33 Configuring Certificates

Local Certificate Authority

Default Subject-name-default DN Keywords

ST = State/Province

T = Title

Enrollment Period

The Enrollment Period field specifies the number of hours an enrolling user has to retrieve the PKCS12 enrollment file and obtain a user certificate. The enrollment period is independent of the OTP expiration period: the two timers run separately, so a one-time password can still be valid after the enrollment window has closed, and the enrollment window can still be open after the one-time password has expired. The default Enrollment Period is 24 hours.

Note Certificate enrollment for the Local CA is supported only for Clientless SSL VPN connections; it is not supported for other SSL VPN clients such as CVC or for IPSec VPN connections. For clientless SSL VPN connections, communications between the client and the head-end are carried through a web browser using standard HTML.

One-Time-Password Expiration

The One-Time-Password (OTP) expiration field specifies the length of time that a one-time password e-mailed to an enrolling user is valid. The default value is 72 hours.

Certificate Expiration Reminder

The Certificate Expiration Reminder field specifies the number of days before certificate expiration at which a reminder is e-mailed to the user. The default is 14 days.
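The three timers above interact in ways the field descriptions only state in prose: the OTP lifetime and the enrollment window are independent, so an enrollment attempt can fail for either reason alone, and the expiration reminder fires inside a fixed window before the certificate's notAfter date. The following Python script is an added illustration written for this page, not Cisco code and not the appliance's own implementation; the function names, the record format, and the sample users are constructed assumptions. It classifies enrollment attempts against the default 24-hour, 72-hour and 14-day values and flags users who are inside the reminder window.

```python
from datetime import datetime, timedelta

# Defaults taken from the Local CA panel fields described above.
DEFAULT_ENROLLMENT_HOURS = 24    # window to retrieve the PKCS12 enrollment file
DEFAULT_OTP_HOURS = 72           # lifetime of the e-mailed one-time password
DEFAULT_REMINDER_DAYS = 14       # days before expiry at which a reminder goes out


def enrollment_state(now, otp_sent, enrollment_opened,
                     otp_hours=DEFAULT_OTP_HOURS,
                     enrollment_hours=DEFAULT_ENROLLMENT_HOURS):
    """Classify an enrollment attempt made at 'now'.

    The two timers are independent: the OTP clock starts when the OTP is
    e-mailed, the enrollment clock when enrollment is opened for the user.
    Both must still be open for the PKCS12 file to be retrievable.
    """
    otp_ok = now < otp_sent + timedelta(hours=otp_hours)
    enroll_ok = now < enrollment_opened + timedelta(hours=enrollment_hours)
    if otp_ok and enroll_ok:
        return "retrievable"
    if otp_ok and not enroll_ok:
        return "enrollment-window-closed"   # OTP still valid, PKCS12 window over
    if enroll_ok and not otp_ok:
        return "otp-expired"                # window open, but OTP no longer valid
    return "both-expired"


def needs_reminder(now, not_after, reminder_days=DEFAULT_REMINDER_DAYS):
    """True when 'now' lies inside the reminder window before the certificate's
    notAfter date and the certificate has not already expired."""
    return not_after - timedelta(days=reminder_days) <= now < not_after


def audit(now, users):
    """Return {username: state} for a list of user records (hypothetical format:
    name, otp_sent, enrollment_opened, optional not_after)."""
    report = {}
    for u in users:
        state = enrollment_state(now, u["otp_sent"], u["enrollment_opened"])
        if u.get("not_after") is not None and needs_reminder(now, u["not_after"]):
            state += "+reminder-due"
        report[u["name"]] = state
    return report


# Constructed sample records; not taken from any real appliance.
NOW = datetime(2024, 3, 10, 12, 0)
SAMPLE_USERS = [
    # OTP mailed and enrollment opened 2 hours ago: both timers open.
    {"name": "alice", "otp_sent": NOW - timedelta(hours=2),
     "enrollment_opened": NOW - timedelta(hours=2), "not_after": None},
    # OTP mailed 30 h ago (inside 72 h) but the 24 h PKCS12 window also
    # opened 30 h ago, so the file is no longer retrievable.
    {"name": "bob", "otp_sent": NOW - timedelta(hours=30),
     "enrollment_opened": NOW - timedelta(hours=30), "not_after": None},
    # Enrollment re-opened 1 h ago, but the OTP was mailed 80 h ago.
    {"name": "carol", "otp_sent": NOW - timedelta(hours=80),
     "enrollment_opened": NOW - timedelta(hours=1), "not_after": None},
    # Long since enrolled; certificate expires in 10 days, reminder is due.
    {"name": "dave", "otp_sent": NOW - timedelta(days=300),
     "enrollment_opened": NOW - timedelta(days=300),
     "not_after": NOW + timedelta(days=10)},
]

if __name__ == "__main__":
    for name, state in audit(NOW, SAMPLE_USERS).items():
        print(f"{name}: {state}")
```

The "bob" and "carol" records show the two one-sided failures the independence of the timers produces: a still-valid OTP does not reopen a closed enrollment window, and a freshly opened window does not revive an expired OTP; in either case the operator has to re-issue the missing credential rather than extend the other.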

Apply Button

The Apply button lets you save the new or modified CA certificate configuration.

Reset Button

The Reset button removes any changes or edits and returns the display to the original contents.

Deleting the Local CA Server

The Delete Certificate Authority Server button, at the bottom of the More Options section of the CA Server panel, immediately removes the Local CA certificate configuration from the security appliance. Once you delete the Local CA configuration it cannot be restored; to recreate the deleted configuration, you must re-enter the certificate configuration information from the beginning.

Note Deleting the Local CA Server removes the configuration from the security appliance. Once deleted, the configuration is unrecoverable.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode          Security Context
Routed   Transparent   Single   Multiple: Context   System

Cisco Security Appliance Command Line Configuration Guide

Chapter 33 contents (section titles as listed on the page):

CA Certificate Authentication
CA Certificates Fields
Modes
Show CA Certificate Details
Edit CA Certificate Configuration
Request CRL
Delete a CA Certificate
Revocation Check Configuration
Configuration Options for CA Certificates
CRL Retrieval Policy Configuration
Advanced Configuration Options
Identity Certificates Authentication
Add/Install an Identity Certificate
Add Identity Certificate Fields
Show Identity Certificate Details
Certificate Subject DN Attributes
Export an Identity Certificate
Delete an Identity Certificate
Export Identity Certificate Fields
Generate Certificate Signing Request
Installing Identity Certificates
Generate Certificate Signing Request Fields
Code-Signer Certificates
To Install an Identity Certificate
To Add the Identity Certificate
Show Code-Signer Certificate Details
Local Certificate Authority
Delete a Code-Signer Certificate
Import or Export a Code-Signer Certificate
Configurable Parameters
Default Local CA Server
Defaults
Configuring the Local CA Server
More Local CA Configuration Options
Deleting the Local CA Server
Manage User Database
Manage User Certificates
Revoking a Local CA Certificate
Unrevoking a Local CA Certificate
Delete a Local CA User
Edit a Local CA User
Allow Enrollment
Email OTP