41-39
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter41 Configuring Digital Certificates
Configuring Digital Certificates
Restoring Users
To restore a user and a previously revoked certificate that was issued by the local CA server, perform the
following steps:
Removing Users
To delete a user from the user database by username, perform the following steps:
Command Purpose
Step1 crypto ca server
Example:
hostname (config)# crypto ca server
Enters local ca server configuration mode. Allows
you to configure and manage a local CA.
Step2 crypto ca server unrevoke cert-serial-no
Example:
hostname (config)# crypto ca server unrevoke
782ea09f
Restores a user and unrevokes a previously revoked
certificate that was issued by the local CA server.
The local CA maintains a current CRL with serial
numbers of all revoked user certificates. This list is
available to external devices and can be retrieved
directly from the local CA if it is configured to do so
with the cdp-url command and the publish-crl
command. When you revoke (or unrevoke) any
current certificate by certificate serial number, the
CRL automatically reflects these changes.
Command Purpose
Step1 crypto ca server
Example:
hostname (config)# crypto ca server
Enters local ca server configuration mode. Allows
you to configure and manage a local CA.
Step2 crypto ca server user-db remove username
Example:
hostname (config)# crypto ca server user-db remove
user1
Removes a user from the user database and allows
revocation of any valid certificates that were issued to
that user.