Chapter 20 Certificate Authority Server
Create CA Server
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
complete—In addition to the information given by the minimal and names
options, each issued certificate is written to the database.
Database URL
Enter the location to which the CA server will write certificate enrollment data. If
no location is given, certificate enrollment data will be written to flash memory
by default.
For example, to write certificate enrollment data to a tftp server, enter
tftp://mytftp. To reset the database URL to flash memory, enter nvram.
Database Archive
Choose pem to create the archive in pem format, or pkcs12 to create the archive
in pkcs12 format.
Database Username
Enter a username for the database archive in the Database Username field. The
username and password will be used to authenticate the server to the database.
Database Password and Confirm Password
Enter a password in the Database Password field, and reenter it in the Confirm
Password field.
Lifetimes
Set the lifetime, or time before expiration, of items associated with the CA server.
To set the lifetime for a specific item, choose it from the Lifetime drop-down list
and enter a value in the Lifetime field.
You can set lifetimes for the following items:
Certificate—Certificates issued by the CA server. Lifetime is entered in
days, in the range 1–1825. If no value is entered, a certificate expires after one
year. If a new value is entered, it affects only certificates created after that
value is in effect.
CRL—The Certificate Revocation List for certificates issued by the CA
server. Lifetime is entered in hours, in the range 1–336. If no value is entered,
a CRL expires after 168 hours (one week).
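
The fields described above, written as the corresponding Cisco IOS certificate server CLI configuration. This is an added example, not text from the original guide; the server name, username, and password are placeholders, and the lifetime values shown are the stated defaults made explicit.

```cisco
! Constructed example. "example-ca", "ca-db-user" and the password are placeholders.
crypto pki server example-ca
! Database level "complete": in addition to the minimal and names data,
! each issued certificate is written to the database.
 database level complete
! Database URL: where certificate enrollment data is written.
! TFTP carries no authentication or encryption, so restrict it to a trusted segment.
 database url tftp://mytftp
! Database Archive: pem or pkcs12.
 database archive pkcs12
! Database Username and Password: authenticate the server to the database.
 database username ca-db-user password <PLACEHOLDER-PASSWORD>
! Lifetimes: certificate in days (1-1825), CRL in hours (1-336).
! A changed certificate lifetime applies only to certificates issued afterwards.
 lifetime certificate 365
 lifetime crl 168
```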