Cisco Systems OL-16647-01 Add/Install an Identity Certificate, Add Identity Certificate Fields


Chapter 33 Configuring Certificates

Identity Certificates Authentication

Add/Install an Identity Certificate

The Identity Certificate panel lets you import an existing identity certificate from a file or add a new certificate configuration from an existing file.

Click the appropriate option to activate one of the following:

Add Identity Certificate Fields

Assign values to the fields in the Add Identity Certificate dialog box as follows:

To import an identity certificate from an existing file, select Import the identity certificate from a file and enter the following information:

Decryption Pass Phrase—Specify the passphrase used to decrypt the PKCS12 file.

File to Import From—You can type the pathname of the file in the box or you can click Browse and search for the file. Browse displays the Load Identity Certificate file dialog box that lets you navigate to the file containing the certificate.

Adding a new identity certificate requires the following information:

Key Pair—RSA key pairs are required to enroll for identity certificates. The security appliance supports multiple key pairs.

Key Pair name (in Key Pair > Show window)—Specifies the name of the key pair whose public key is to be certified.

Generation time (in Key Pair > Show window)—Displays time of day and the date when the key pair is generated.

Usage (in Key Pair > Show window)— Displays how an RSA key pair is to be used. There are two types of usage for RSA keys: general purpose (the default) and special. When you select Special, the security appliance generates two key pairs, one for signature use and one for encryption use. This implies that two certificates for the corresponding identity are required.

Modulus Size (bits) (in Key Pair > Show window)— Displays the modulus size of the key pair(s): 512, 768, 1024, and 2048. The default modulus size is 1024.

Key Data (in Key Pair > Show window)—Indicates the window that contains the specific key data.

Name (in Key Pair > New window)—Selects a default key pair name, such as <Default-RSA-Key>, or you can enter a new key pair name.

Size (in Key Pair > New window)—Specifies the default key pair size: 512, 768, 1024 (the default) or 2048.

Usage (in Key Pair > New window)— Specifies the key pair usage as general purpose or special.
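Because the default modulus size is 1024 and 512 and 768 are still selectable, it is worth auditing which key pairs fall below your policy floor before certifying them. The following is an added example, not Cisco code: the text layout of the listing is an assumption modelled on the Key Pair > Show fields above, the sample data is constructed, and the 2048-bit floor is an assumed local policy.

```python
import re

MIN_MODULUS_BITS = 2048  # assumed local policy floor, not a value from the guide
# Constructed sample using the fields the Key Pair > Show window lists
# (generation time, name, usage, modulus size); key data lines are omitted.
SAMPLE = """\
Key pair was generated at: 10:02:11 UTC Mar 3 2009
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 1024
Key pair was generated at: 10:05:40 UTC Mar 3 2009
Key name: vpn-id
 Usage: Signature Key
 Modulus Size (bits): 2048
Key pair was generated at: 10:05:41 UTC Mar 3 2009
Key name: vpn-id
 Usage: Encryption Key
 Modulus Size (bits): 768
"""

FIELDS = {
    "generated": re.compile(r"^Key pair was generated at:\s*(.+)$"),
    "name": re.compile(r"^\s*Key name:\s*(.+)$"),
    "usage": re.compile(r"^\s*Usage:\s*(.+)$"),
    "bits": re.compile(r"^\s*Modulus Size \(bits\):\s*(\d+)$"),
}

def parse_key_pairs(text):
    """Split the listing into one dict per key pair record."""
    pairs = []
    for line in text.splitlines():
        for field, pattern in FIELDS.items():
            m = pattern.match(line)
            if not m:
                continue
            if field == "generated":  # each record starts with its generation time
                pairs.append({})
            if pairs:
                pairs[-1][field] = int(m.group(1)) if field == "bits" else m.group(1).strip()
    return pairs

def weak_key_pairs(pairs, minimum=MIN_MODULUS_BITS):
    """Return (name, usage, bits) for pairs below the floor; a missing size counts as weak."""
    return [(p.get("name"), p.get("usage"), p.get("bits"))
            for p in pairs if p.get("bits", 0) < minimum]

if __name__ == "__main__":
    for name, usage, bits in weak_key_pairs(parse_key_pairs(SAMPLE)):
        print(f"WEAK {name} ({usage}): {bits} bits < {MIN_MODULUS_BITS}")
```

Note that a Special usage key pair appears as two records under one name, so each half is checked separately.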

The Advanced button on the Add Identity Certificate pane lets you establish the following certificate parameters, enrollment mode, and an optional revocation password for the device-specific identity certificate:

FQDN (in Advanced > Certificate Parameters)—The Fully Qualified Domain Name (FQDN), an unambiguous domain name, specifies the position of the node in the DNS tree hierarchy.

E-mail (in Advanced > Certificate Parameters)—The e-mail address associated with the Identity Certificate.

IP Address (in Advanced > Certificate Parameters)—The security appliance address on the network in four-part dotted-decimal notation.

Cisco Security Appliance Command Line Configuration Guide