80-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter80 Configuring Anonymous Reporting and Smar t Call Home
Configuring Anonymous Reporting and Smart Call Home
Declaring and Authenticating a CA Trust Point
If Smart Call Home is configured to send messages to a web server through HTTPS, you need to
configure the ASA to trust the certificate of the web server or the certificate of the Certificate Authority
(CA) that issued the certificate. The Cisco Smart Call Home Production server certificate is issued by
Verisign. The Cisco Smart Call Home Staging server certificate is issued by Digital Signature Trust Co.
Detailed Steps
To declare and authenticate the Cisco server security certificate and establish communication with the
Cisco HTTPS server for Smart Call Home service, perform this task:
Configuring DNS
You must configure DNS so that the HTTPS URLs in the Smart Call Home profile can successfully
resolve.
To configure DNS, perform the following tasks:
Step1 crypto ca truspoint trustpoint-name
Example:
hostname(config)# crypto ca trustpoint cisco
Configures a trustpoint and prepares for certificate
enrollment.
Note If you use HTTP as the transport method,
you must install a security certificate
through a trustpoint, which is required for
HTTPS. Find the specific certificate to
install at the following URL:
http://www.cisco.com/en/US/docs/switches/lan
/smart_call_home/SCH31_Ch6.html#wp10353
80
Step2 enroll terminal
Example:
hostname(ca-trustpoint)# enroll terminal
Specifies a manual cut-and-paste method of
certificate enrollment.
Step3 exit
hostname(ca-trustpoint)# exit
Exits CA trustpoint configuration mode and returns
to global configuration mode.
Step4 crypto ca authenticate trustpoint
Example:
hostname(ca-trustpoint)# crypto ca authenticate
cisco
Authenticates the named CA. The CA name should
match the trust point name specified in the crypto ca
trustpoint command. At the prompt, paste the
security certificate text.
Step5 quit
Example:
hostname(ca-trustpoint)# quit
%Do you accept this certificate [yes/no]:
yes
Specifies the end of the security certificate text and
confirms acceptance of th entered security
certificate.