Chapter 20 Certificate Authority Server
Create CA Server
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
CA Server Name
Provide a name to identify the server in the CA Server Name field. This could be
the host name of the router, or another name that you enter.
Grant
Choose Manual if you want to grant certificates manually. Choose Auto if you
want the server to grant certificates automatically. Auto, used mostly for debug
purposes, is not recommended since it will issue certificates to any requester
without requiring enrollment information.
Warning
Do not set Grant to Auto if your router is connected to the Internet. Grant should
be set to Auto only for internal purposes such as when executing debugging
procedures.
CDP URL
Enter the URL to a Certificate Revocation List Distribution Point (CDP) server in
the CDP URL field. The URL must be an HTTP URL. A sample URL follows:
http://172.18.108.26/cisco1cdp.cisco1.crl
The Certificate Revocation List (CRL) is the list of revoked certificates. Devices
needing to check the validity of another device’s certificate will fetch the CRL
from the CA server. Since many devices may attempt to fetch the CRL, offloading
it to a remote device, preferably an HTTP server, will reduce the performance
impact on the Cisco IOS router hosting the CA server. If the checking device
cannot connect to the CDP, as a backup it will use SCEP to fetch the CRL from
the CA server.
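Added example (not part of the Cisco guide): a check that scans a saved router configuration for CA servers whose Grant mode is Auto or whose CDP URL is missing or not HTTP. It assumes the Cisco IOS CLI form of these dialog settings (`crypto pki server`, `grant auto`, `cdp-url`); the sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configuration. Names and addresses are made up, except
# the second cdp-url, which is the sample URL given in the text above.
SAMPLE_CONFIG = """\
crypto pki server lab-ca
 issuer-name CN=lab-ca
 grant auto
 cdp-url ftp://192.0.2.10/lab-ca.crl
 no shutdown
!
crypto pki server branch-ca
 issuer-name CN=branch-ca
 cdp-url http://172.18.108.26/cisco1cdp.cisco1.crl
 no shutdown
!
interface GigabitEthernet0/0
"""

def parse_ca_servers(config):
    """Return {server_name: [sub-command lines]} for each 'crypto pki server' block."""
    servers, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto pki server (\S+)\s*$", line)
        if m:
            current = servers.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other unindented line closes the block
    return servers

def audit_ca_servers(config):
    """Return (server, finding) tuples for risky Grant and CDP URL settings."""
    findings = []
    for name, lines in parse_ca_servers(config).items():
        if any(l.split()[:2] == ["grant", "auto"] for l in lines):
            findings.append((name, "grant auto: certificates issued to any requester"))
        cdp = [l.split(None, 1)[1] for l in lines if l.startswith("cdp-url ")]
        if not cdp:
            findings.append((name, "no cdp-url: CRL distribution is not offloaded from the CA router"))
        for url in cdp:
            if not url.lower().startswith("http://"):
                findings.append((name, "cdp-url is not an HTTP URL: " + url))
    return findings

if __name__ == "__main__":
    for server, finding in audit_ca_servers(SAMPLE_CONFIG):
        print(server + ": " + finding)
```

On the constructed sample, `lab-ca` is reported twice (Auto grant and a non-HTTP CDP URL) and `branch-ca` produces no findings.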
Issuer Name Attributes
Common Name (cn)
Enter the common name that you want to use for the certificate. This might be the
CA server name, the router hostname or another name you choose.