Cisco Systems OL-16647-01 Delete an Identity Certificate, Export an Identity Certificate, 33-9

Chapter 33 Configuring Certificates

Identity Certificates Authentication

Issued to—Displays the X.500 fields of the subject DN or certificate owner and their values. This applies only to available status.

Issued by—Displays the X.500 fields of the entity granting the certificate. This applies only to available status.

Delete an Identity Certificate

The Delete button immediately removes the selected Identity Certificate configuration from the security appliance. Once you delete a certificate configuration, it cannot be restored; to recreate the deleted certificate, use the Add button to reenter the certificate configuration information from the beginning.

Note: Once you delete a certificate configuration, it cannot be restored.

Export an Identity Certificate

The Export panel lets you export a certificate configuration with all associated keys and certificates in PKCS12 format, which must be in base64 format. An entire configuration includes the entire chain (root CA certificate, identity certificate, key pair) but not enrollment settings (subject name, FQDN and so on). This feature is commonly used in a failover or load-balancing configuration to replicate certificates across a group of security appliances; for example, remote access clients calling in to a central organization that has several units to service the calls. These units must have equivalent certificate configurations. In this case, an administrator can export a certificate configuration and then import it across the group of security appliances.

Export Identity Certificate Fields

Export to a file—Specify the name of the PKCS12-format file to use in exporting the certificate configuration.

Certificate Format—Click PKCS12 format, the public key cryptography standard, which can be base64 encoded or hexadecimal, or click PEM format.

Browse—Display the Select a File dialog box that lets you navigate to the file to which you want to export the certificate configuration.

Encryption Passphrase—Specify the passphrase used to encrypt the PKCS12 file for export.

Confirm Passphrase—Verify the encryption passphrase.

Export Certificate—Export the certificate configuration.
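Before an exported file is copied to the other units in a failover or load-balancing group, its outer structure can be checked without the passphrase. The following is an added example, not taken from the Cisco guide: it assumes the base64 body decodes directly to a DER-encoded PFX as defined in RFC 7292, the function names are hypothetical, and the sample input (including its "-----BEGIN PKCS12-----" marker lines) is a constructed skeleton rather than a real appliance export.

```python
import base64

def read_tlv(buf, pos):  # one DER element at pos -> (tag, content, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # iterate the (tag, content) pairs inside a constructed element
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_pfx(export_text):
    """Summarise the outer PFX (RFC 7292); assumes "-----" lines are markers, rest is base64 DER."""
    b64 = "".join(l.strip() for l in export_text.splitlines() if not l.startswith("-----"))
    tag, pfx, _ = read_tlv(base64.b64decode(b64, validate=True), 0)
    fields = list(children(pfx))
    if tag != 0x30 or len(fields) < 2 or fields[0][0] != 0x02 or fields[1][0] != 0x30:
        raise ValueError("not a PFX structure")
    mac = list(children(fields[2][1])) if len(fields) > 2 else None  # MacData is OPTIONAL
    iterations = None if mac is None else (int.from_bytes(mac[2][1], "big") if len(mac) > 2 else 1)
    return {"version": int.from_bytes(fields[0][1], "big"), "has_mac": mac is not None,
            "content_type": decode_oid(list(children(fields[1][1]))[0][1]), "mac_iterations": iterations}

def tlv(tag, body):  # DER encoder, short-form lengths only (enough for the sample)
    return bytes([tag, len(body)]) + body

def build_sample(with_mac=True):  # constructed PFX skeleton, empty payload, not a real export
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("608648016503040201")) + tlv(0x05, b""))  # SHA-256
    digest_info = tlv(0x30, alg + tlv(0x04, bytes(32)))
    mac = tlv(0x30, digest_info + tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00"))  # 2048 iterations
    auth = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701")) + tlv(0xA0, tlv(0x04, b"")))
    der = tlv(0x30, tlv(0x02, b"\x03") + auth + (mac if with_mac else b""))
    return "-----BEGIN PKCS12-----\n" + base64.encodebytes(der).decode() + "-----END PKCS12-----\n"

print(inspect_pfx(build_sample()))
```

In RFC 7292 the MacData element is what ties the integrity of the file to the passphrase, so `has_mac` and `mac_iterations` are the two values worth checking before the file leaves the exporting unit.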

Modes

The following table shows the modes in which this feature is available:

Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)

Cisco Security Appliance Command Line Configuration Guide