Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 41 Configuring Digital Certificates
Configuring Digital Certificates
Step 9 ip-address ip-address
Example:
hostname/contexta(config-ca-trustpoint)# ip-address 10.10.100.1
During enrollment, asks the CA to include the IP address of the ASA in the certificate.
Step 10 keypair name
Example:
hostname/contexta(config-ca-trustpoint)# keypair exchange
Specifies the key pair whose public key is to be certified.
Step 11 match certificate map-name override ocsp
Example:
hostname/contexta(config-ca-trustpoint)# match certificate examplemap override ocsp
Configures OCSP URL overrides and trustpoints to use for validating OCSP responder certificates.
Step 12 ocsp disable-nonce
Example:
hostname/contexta(config-ca-trustpoint)# ocsp disable-nonce
Disables the nonce extension on an OCSP request. The nonce extension cryptographically binds requests with responses to avoid replay attacks.
Step 13 ocsp url
Example:
hostname/contexta(config-ca-trustpoint)# ocsp url
Configures an OCSP server for the ASA to use to check all certificates associated with a trustpoint rather than the server specified in the AIA extension of the client certificate.
Step 14 password string
Example:
hostname/contexta(config-ca-trustpoint)# password mypassword
Specifies a challenge phrase that is registered with the CA during enrollment. The CA usually uses this phrase to authenticate a subsequent revocation request.
Step 15 revocation check
Example:
hostname/contexta(config-ca-trustpoint)# revocation check
Sets one or more methods for revocation checking: CRL, OCSP, and none.
Step 16 subject-name X.500 name
Example:
hostname/contexta(config-ca-trustpoint)# subject-name CN=examplename
During enrollment, asks the CA to include the specified subject DN in the certificate. If a DN string includes a comma, enclose the value string within double quotes (for example, O="Company, Inc.").
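
The effect of Step 12 (ocsp disable-nonce) on replay protection, as an added example that is not part of the Cisco guide: a small Python model of an OCSP exchange in which a recorded "good" answer is presented again after the certificate has been revoked. Assumptions: an HMAC with a constructed key stands in for the responder's signature, the serial number is constructed, and the response validity period (thisUpdate/nextUpdate), which also bounds replay in real OCSP, is left out of the model.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the OCSP responder's signing key; a real responder
# signs with its private key and the client verifies against its certificate.
RESPONDER_KEY = b"constructed-demo-key"

def _sign(serial, status, nonce):
    msg = b"|".join([serial.encode(), status.encode(), nonce])
    return hmac.new(RESPONDER_KEY, msg, hashlib.sha256).digest()

def responder_answer(serial, status, request_nonce):
    """Responder side: echo the request nonce (possibly empty) under the signature."""
    return {"serial": serial, "status": status, "nonce": request_nonce,
            "sig": _sign(serial, status, request_nonce)}

def client_accepts(response, serial, request_nonce, check_nonce=True):
    """Client side: verify the signature, then (optionally) the nonce binding."""
    expected = _sign(response["serial"], response["status"], response["nonce"])
    if not hmac.compare_digest(expected, response["sig"]):
        return False                      # forged or corrupted response
    if response["serial"] != serial:
        return False                      # answer is about another certificate
    if check_nonce and not hmac.compare_digest(response["nonce"], request_nonce):
        return False                      # valid signature, but not for this request
    return response["status"] == "good"

def replay_scenario(check_nonce):
    """Return whether a recorded pre-revocation 'good' answer is accepted later."""
    serial = "0A1B2C"                     # constructed certificate serial
    old_nonce = os.urandom(16) if check_nonce else b""
    recorded = responder_answer(serial, "good", old_nonce)   # captured earlier
    # ... the certificate is revoked; the client now issues a fresh request ...
    new_nonce = os.urandom(16) if check_nonce else b""
    return client_accepts(recorded, serial, new_nonce, check_nonce)

if __name__ == "__main__":
    print("nonce enabled, replay accepted: ", replay_scenario(True))
    print("nonce disabled, replay accepted:", replay_scenario(False))
```

With the nonce in place the stale answer fails the binding check even though its signature is valid; with the nonce disabled nothing ties the answer to the current request, so the model accepts it.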