Contents
xxx
Cisco ASA 5500 Series Configuration Guide using the CLI
Proxy for SCEP Requests 41-3
Revocation Checking 41-4
Supported CA Servers 41-4
CRLs 41-4
OCSP 41-5
The Local CA 41-6
Storage for Local CA Files 41-6
The Local CA Server 41-6
Licensing Requirements for Digital Certificates 41-7
Prerequisites for Local Certificates 41-7
Prerequisites for SCEP Proxy Support 41-7
Guidelines and Limitations 41-8
Configuring Digital Certificates 41-9
Configuring Key Pairs 41-9
Removing Key Pairs 41-10
Configuring Trustpoints 41-10
Configuring CRLs for a Trustpoint 41-13
Exporting a Trustpoint Configuration 41-15
Importing a Trustpoint Configuration 41-16
Configuring CA Certificate Map Rules 41-17
Obtaining Certificates Manually 41-18
Obtaining Certificates Automatically with SCEP 41-20
Configuring Proxy Support for SCEP Requests 41-21
Enabling the Local CA Server 41-22
Configuring the Local CA Server 41-23
Customizing the Local CA Server 41-25
Debugging the Local CA Server 41-26
Disabling the Local CA Server 41-26
Deleting the Local CA Server 41-26
Configuring Local CA Certificate Characteristics 41-27
Configuring the Issuer Name 41-28
Configuring the CA Certificate Lifetime 41-28
Configuring the User Certificate Lifetime 41-29
Configuring the CRL Lifetime 41-30
Configuring the Server Keysize 41-30
Setting Up External Local CA File Storage 41-31
Downloading CRLs 41-33
Storing CRLs 41-34
Setting Up Enrollment Parameters 41-35