Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 41 Configuring Digital Certificates
hostname(config-ca-server)# no shutdown
% Some server settings cannot be changed after CA certificate generation.
% Please enter a passphrase to protect the private key
% or type Return to exit
Password: caserver
Re-enter password: caserver
Keypair generation process begin. Please wait...
The following is sample output that shows local CA server configuration and status:
Certificate Server LOCAL-CA-SERVER:
Status: enabled
State: enabled
Server's configuration is locked (enter “shutdown” to unlock it)
Issuer name: CN=wz5520-1-16
CA certificate fingerprint/thumbprint: (MD5)
76dd1439 ac94fdbc 74a0a89f cb815acc
CA certificate fingerprint/thumbprint: (SHA1)
58754ffd 9f19f9fd b13b4b02 15b3e4be b70b5a83
Last certificate issued serial number: 0x6
CA certificate expiration timer: 14:25:11 UTC Jan 16 2008
CRL NextUpdate timer: 16:09:55 UTC Jan 24 2007
Current primary storage dir: flash:
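
The following Python script is an added example, not part of the Cisco guide. It parses the status output shown above, compares the SHA1 fingerprint to a value recorded out of band, and reports any timer that has already passed. The function names, the pinned-fingerprint workflow, and the abridged copy of the output in SAMPLE are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: an abridged copy of the status output shown above.
SAMPLE = """\
Certificate Server LOCAL-CA-SERVER:
Status: enabled
State: enabled
Issuer name: CN=wz5520-1-16
CA certificate fingerprint/thumbprint: (MD5)
76dd1439 ac94fdbc 74a0a89f cb815acc
CA certificate fingerprint/thumbprint: (SHA1)
58754ffd 9f19f9fd b13b4b02 15b3e4be b70b5a83
Last certificate issued serial number: 0x6
CA certificate expiration timer: 14:25:11 UTC Jan 16 2008
CRL NextUpdate timer: 16:09:55 UTC Jan 24 2007
Current primary storage dir: flash:
"""

def parse_status(text):
    """Return fingerprints (lowercase hex, no spaces) and timers (UTC datetimes)."""
    out = {"fingerprints": {}, "timers": {}}
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        # The hex digest is printed on the line after its label.
        m = re.match(r"CA certificate fingerprint/thumbprint: \((\w+)\)$", line)
        if m and i + 1 < len(lines):
            out["fingerprints"][m.group(1)] = lines[i + 1].replace(" ", "").lower()
        m = re.match(r"(CA certificate expiration|CRL NextUpdate) timer: (.+)$", line)
        if m:
            ts = datetime.strptime(m.group(2), "%H:%M:%S UTC %b %d %Y")
            out["timers"][m.group(1)] = ts.replace(tzinfo=timezone.utc)
    return out

def audit(text, pinned_sha1, now):
    """List findings: SHA1 mismatch against the pinned value, or lapsed timers."""
    st = parse_status(text)
    findings = []
    # Accept the pinned value with spaces or colons, in either case.
    want = re.sub(r"[\s:]", "", pinned_sha1).lower()
    if st["fingerprints"].get("SHA1") != want:
        findings.append("SHA1 fingerprint does not match pinned value")
    for name, ts in st["timers"].items():
        if ts <= now:
            findings.append(f"{name} timer has passed ({ts:%Y-%m-%d})")
    return findings
```
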
Configuring the Local CA Server
To configure the local CA server, perform the following steps:
Step 1
Command: crypto ca server
Example:
hostname(config)# crypto ca server
Purpose: Enters local CA server configuration mode. Generates the local CA.

Step 2
Command: smtp from-address e-mail_address
Example:
hostname(config-ca-server)# smtp from-address SecurityAdmin@hostcorp.com
Purpose: Specifies the SMTP from-address, a valid e-mail address that the local CA uses as a from address when sending e-mail messages that deliver OTPs for an enrollment invitation to users.