41-25
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter41 Configuring Digital Certificates
Configuring Digital Certificates
Customizing the Local CA Server
To configure a customized local CA server, perform the following steps:
Command Purpose
Step1 crypto ca server
Example:
hostname (config)# crypto ca server
Enters local CA server configuration mode. Allows
you to configure and manage a local CA.
Step2 issuer-name DN-string
Example:
hostname (config-ca-server)# issuer-name
cn=xx5520,cn=30.132.0.25,ou=DevTest,ou=QA,o=ASC
Systems
Specifies parameters that do not have default values.
Step3 smtp subject subject-line
Example:
hostname (config-ca-server) # smtp subject Priority
E-Mail: Enclosed Confidential Information is
Required for Enrollment
Customizes the text that appears in the subject field
of all e-mail messages sent from the local CA server
Step4 smtp from-address e-mail_address
Example:
hostname (config-ca-server) # smtp from-address
SecurityAdmin@hostcorp.com
Specifies the e-mail address that is to be used as the
From: field of all e-mail messages that are generated
by the local CA server.
Step5 subject-name-default dn
Example:
hostname (config-ca-server) # subject-name default
cn=engineer, o=ASC Systems, c=US
Specifies an optional subject-name DN to be
appended to a username on issued certificates. The
default subject-name DN becomes part of the
username in all user certificates issued by the local
CA server.
The allowed DN attribute keywords are as follows:
C = Country
CN = Common Name
EA = E-mail Address
L = Locality
O = Organization Name
OU = Organization Unit
ST = State/Province
SN = Surname
ST = State/Province
Note If you do not specify a subject-name-default
to serve as a standard subject-name default,
you must specify a DN each time that you
add a user.