Cisco Systems OL-16647-01 Manage User Certificates, Manage User Database, Add a Local CA User

Chapter 33 Configuring Certificates

Manage User Certificates

The Local CA server maintains certificate renewals, re-issues user certificates, maintains the Certificate Revocation List (CRL), and revokes or restores privileges as needed. With the Manage User Certificates window, you can select specific certificates by username or by certificate serial number and change the certificate status (revoked/unrevoked).

Whenever you change a certificate's status, confirm that the CRL has been reissued to reflect the change. A relying party that has cached an earlier CRL will not see the new status until it retrieves the updated CRL, so a revocation is only effective once the fresh CRL is actually published and fetched.

To change certificate status, see Revoking a Local CA Certificate and Unrevoking a Local CA Certificate.

Revoking a Local CA Certificate

The Local CA server tracks the lifetime of every user certificate and e-mails renewal notices when they are due. When a certificate's lifetime expires, that user's access is revoked: the Local CA marks the certificate as revoked in the certificate database, updates the certificate information, and automatically reissues the CRL. To revoke a certificate before it expires, select it in the Manage User Certificates window (by username or serial number) and change its status to revoked; the database and CRL are updated in the same way.

Unrevoking a Local CA Certificate

A revoked user certificate can have its privileges restored, and the user is notified by e-mail. Select the revoked user's certificate and click Unrevoke to restore access. The Local CA marks the certificate as unrevoked in the certificate database, updates the certificate information, and reissues an updated CRL that no longer lists the certificate.
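After a revoke or unrevoke, the check a practitioner wants is to pull the CRL the Local CA publishes and confirm that the certificate's serial number is present in (or gone from) its revokedCertificates list, and that the CRL's nextUpdate has not already passed. The script below is an added example and is not code from the Cisco guide: it parses a DER-encoded X.509 CRL (RFC 5280) with a small hand-written ASN.1 TLV reader, so it needs no third-party library, and it builds a constructed sample CRL with a zero-filled placeholder signature so it runs offline. The serial numbers, dates, and the "Local CA" issuer name are assumptions for the sample; SAMPLE_CRL stands in for the bytes you would download from the appliance. The parser deliberately does not verify the CRL signature.

```python
"""Confirm that a serial number is listed in a DER-encoded X.509 CRL.

Added example, not Cisco code. Walks the ASN.1 DER structure of a
CertificateList (RFC 5280) with a small TLV reader, so it runs offline
without third-party libraries. It does NOT verify the CRL signature; a
real check must verify it against the Local CA certificate first.
"""
import datetime

UTC = datetime.timezone.utc


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the value of a constructed element into (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out


def _time(tag, val):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) to an aware datetime."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.datetime.strptime(val.decode("ascii"), fmt).replace(tzinfo=UTC)


def parse_crl(der):
    """Return thisUpdate, nextUpdate and a {serial: revocationDate} map."""
    _, cert_list, _ = _read_tlv(der, 0)          # CertificateList
    _, tbs, _ = _read_tlv(cert_list, 0)          # TBSCertList
    fields = _children(tbs)
    i = 1 if fields[0][0] == 0x02 else 0         # optional version INTEGER
    i += 2                                       # signature AlgorithmIdentifier, issuer Name
    this_update, i = _time(*fields[i]), i + 1
    next_update = None
    if i < len(fields) and fields[i][0] in (0x17, 0x18):
        next_update, i = _time(*fields[i]), i + 1
    revoked = {}
    if i < len(fields) and fields[i][0] == 0x30:  # revokedCertificates SEQUENCE OF
        for _, entry in _children(fields[i][1]):
            parts = _children(entry)             # userCertificate INTEGER, revocationDate
            serial = int.from_bytes(parts[0][1], "big", signed=True)
            revoked[serial] = _time(*parts[1])
    return {"thisUpdate": this_update, "nextUpdate": next_update, "revoked": revoked}


def check_revocation(der, serial, now=None):
    """Return 'revoked', 'not-revoked', or 'stale-crl' (nextUpdate has passed)."""
    crl = parse_crl(der)
    now = now or datetime.datetime.now(UTC)
    if crl["nextUpdate"] is not None and now > crl["nextUpdate"]:
        return "stale-crl"                        # never trust an expired CRL
    return "revoked" if serial in crl["revoked"] else "not-revoked"


# --- constructed sample CRL (placeholder signature) so the check runs offline ---

def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _der_int(n):
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def _utc(dt):
    return _tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))


# AlgorithmIdentifier: sha256WithRSAEncryption (1.2.840.113549.1.1.11) + NULL params
_SHA256_RSA = _tlv(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")


def build_sample_crl(revoked, this_update, next_update):
    """Encode a v2 CertificateList; signature is zero-filled (sample data only)."""
    cn = _tlv(0x30, b"\x06\x03\x55\x04\x03" + _tlv(0x13, b"Local CA"))  # CN=Local CA (assumed)
    issuer = _tlv(0x30, _tlv(0x31, cn))
    entries = b"".join(_tlv(0x30, _der_int(s) + _utc(d)) for s, d in revoked.items())
    tbs = _tlv(0x30, _der_int(1) + _SHA256_RSA + issuer
               + _utc(this_update) + _utc(next_update) + _tlv(0x30, entries))
    return _tlv(0x30, tbs + _SHA256_RSA + _tlv(0x03, b"\x00" * 33))


T0 = datetime.datetime(2024, 5, 1, 12, 0, tzinfo=UTC)      # thisUpdate (constructed)
T1 = T0 + datetime.timedelta(days=7)                        # nextUpdate (constructed)
T_STALE = T1 + datetime.timedelta(days=1)                   # a clock past nextUpdate
SAMPLE_CRL = build_sample_crl({0x1025: T0, 7: T0}, T0, T1)  # serials 0x1025 and 7 revoked

if __name__ == "__main__":
    for serial in (0x1025, 8):
        print(hex(serial), check_revocation(SAMPLE_CRL, serial, now=T0))
    print("after nextUpdate:", check_revocation(SAMPLE_CRL, 0x1025, now=T_STALE))
```

On a real CRL, read the downloaded file's bytes (decode PEM with the base64 module first if the appliance hands you PEM) and verify the signature against the Local CA certificate before acting on the result; the parser above trusts the content as-is. The "stale-crl" path is the case to watch after a revocation: if the CRL a relying party holds has passed nextUpdate, or predates the revocation, the revoked certificate may still be accepted until a fresh CRL is fetched.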

Manage User Database

The Local CA user database contains each user's identification information and status in the system (enrolled, allowed, revoked, and so on). With the Manage User Database window, you can add new users, select a user by username to edit that user's information, and delete existing users together with their certificates. Whenever you add a user or modify a user's status, the Local CA automatically updates the CRL to reflect the latest changes.

To add a user to the Local CA Database, see Add a Local CA User.

To change user identification information for an existing user, see Edit a Local CA User.

To remove a user from the database, see Delete a Local CA User.

To change the enrollment status of a user, see Allow Enrollment.

To e-mail One-Time-Passwords (OTPs) to a user, see Email OTP.

To view or regenerate an OTP, see View/Re-generate OTP.

Add a Local CA User

The Add button enters a new user into the Local CA database. Each new user must have a predefined user name, e-mail address, and subject name before the entry can be created.

Fields

Username: Enter a valid user name for the new user.

Email: Specify an existing, valid e-mail address that the user can read. The Local CA sends the enrollment OTP and certificate renewal notices to this address, so a wrong address blocks enrollment or delivers the OTP to the wrong person.

Subject: Enter the user's subject name, the distinguished name (DN) that is placed in the Subject field of the certificate issued to that user.

Cisco Security Appliance Command Line Configuration Guide
