Cisco Systems OL-16647-01 Show Identity Certificate Details, Certificate Subject DN Attributes


Chapter 33 Configuring Certificates

Identity Certificates Authentication

The check box Include serial number of the device allows you to add the security appliance serial number to the certificate parameters.

The Advanced > Enrollment Mode allows you to select either manual enrollment (Request by manual enrollment) or enrollment by CA (Request from a CA), which requires the following information:

Enrollment URL (SCEP): In the HTTP:// field, enter the path and file name of the certificate to be automatically installed.

Retry Period: Specify the maximum number of minutes to retry installing an Identity certificate. The default is one minute.

Retry Count: Specify the number of retries for installing an Identity certificate. The default is 0, which indicates unlimited retries within the retry period.

In the Add Identity Certificate pane, enter the following Certificate Subject DN information:

Certificate Subject DN— Specify the certificate subject-name DN to form the DN in the Identity certificate, and click the Select... button to add DN attributes in the Certificate Subject DN pane.

Attribute: (in Certificate Subject DN > Select window)— Select one or more DN attributes from the pull-down menu. The selectable X.500 attributes for the Certificate Subject DN are:

Certificate Subject DN Attributes

CN = Common Name

OU = Department

O = Company Name

C = Country

ST = State/Province

L = Location

EA = E-mail Address

Value: (in Certificate Subject DN > Select window)— Enter the value for each of the DN attributes that you select in the Attribute list. With a value assigned to an attribute, use the now-active Add button to add the attribute to the Attribute/Value field on the right. To remove attributes and their values, select the attribute and click the now-active Delete button.

Once you complete the Identity Certificate configuration, click Add Certificate in the Add Identity Certificate pane. Then, be sure to click the Apply button in the Identity Certificates window to save the new certificate configuration.
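The enrollment and Subject DN fields described above can be checked before they are entered on many devices. The following is an added example, not part of the Cisco guide: it validates DN attribute/value pairs against the attribute list above and renders them as security appliance trustpoint CLI lines. The trustpoint name, host name and sample values are constructed; requiring a CN and rejecting values that contain "," or "=" are assumptions of this example, not rules stated in the guide.

```python
import re

# Attribute abbreviations from the Certificate Subject DN Attributes list.
ALLOWED = ("CN", "OU", "O", "C", "ST", "L", "EA")


def build_subject_dn(pairs):
    """Validate (attribute, value) pairs and join them into one DN string."""
    parts = []
    for attr, value in pairs:
        attr, value = attr.strip().upper(), value.strip()
        if attr not in ALLOWED:
            raise ValueError(f"unsupported DN attribute: {attr}")
        if not value:
            raise ValueError(f"{attr} has no value")
        if "," in value or "=" in value:
            # Assumption: separators are rejected here rather than escaped.
            raise ValueError(f"{attr} value contains a DN separator: {value!r}")
        if attr == "C" and not re.fullmatch(r"[A-Za-z]{2}", value):
            raise ValueError("C must be a two-letter country code")
        if attr == "EA" and not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
            raise ValueError("EA must look like an e-mail address")
        parts.append(f"{attr}={value}")
    if not any(p.startswith("CN=") for p in parts):
        raise ValueError("a CN attribute is required")  # assumption: local policy
    return ",".join(parts)


def render_trustpoint(name, url_path, pairs, period=1, count=0, serial=False):
    """Render trustpoint CLI lines for enrollment by CA (SCEP)."""
    if period < 1:
        raise ValueError("retry period is in minutes and must be at least 1")
    if count < 0:
        raise ValueError("retry count cannot be negative (0 = unlimited)")
    lines = [
        f"crypto ca trustpoint {name}",
        f" enrollment url http://{url_path}",
        f" enrollment retry period {period}",
        f" enrollment retry count {count}",
        f" subject-name {build_subject_dn(pairs)}",
    ]
    if serial:  # "Include serial number of the device" check box
        lines.append(" serial-number")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    print(render_trustpoint("TP1", "ca.example.com/scep", [("CN", "asa1.example.com"), ("C", "US")]))
```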

Show Identity Certificate Details

The Show Details button displays the Certificate Details dialog box, which shows the following information about the selected certificate:

General—Displays the values for type, serial number, status, usage, public key type, CRL distribution point, the times within which the certificate is valid, and associated certificates. This applies to both available and pending status.

 

Cisco Security Appliance Command Line Configuration Guide
