44-11
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 44 Configuring Digital Certificates
Configuring CA Certificate Authentication
Step 1 In the main ASDM application window, choose Configuration > Remote Access VPN > Certificate Management > CA Certificates.
Step 2 Click Add.
The Install Certificate dialog box appears. The selected trustpoint name appears in read-only format.
Step 3 To add a certificate configuration from an existing file, click the Install from a file radio button (this is the default setting).
Step 4 Enter the path and file name, or click Browse to search for the file. Then click Install Certificate.
Step 5 The Certificate Installation dialog box appears with a confirmation message indicating that the certificate was successfully installed. Click OK to close this dialog box.
Step 6 To enroll manually, click the Paste certificate in PEM format radio button.
Step 7 Copy and paste the PEM format (base64 or hexadecimal) certificate into the area provided, then click Install Certificate.
Step 8 The Certificate Installation dialog box appears with a confirmation message indicating that the certificate was successfully installed. Click OK to close this dialog box.
Step 9 To enroll automatically, click the Use SCEP radio button. The ASA contacts the CA using SCEP, obtains the certificates, and installs them on the device. To use SCEP, you must enroll with a CA that supports SCEP, and you must enroll via the Internet. Automatic enrollment using SCEP requires that you provide the following information:
• The path and file name of the certificate to be automatically installed.
• The maximum number of minutes to retry certificate installation. The default is one minute.
• The number of retries for installing a certificate. The default is zero, which indicates unlimited retries within the retry period.
Note See Prerequisites for SCEP Proxy Support when choosing to use the SCEP method to install certificates.
Step 10 To display additional configuration options for new and existing certificates, click More Options.
The Configuration Options for CA Certificates pane appears.
Step 11 To continue, see the “Editing or Removing a CA Certificate Configuration” section on page 44-11.
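Added example (not part of the Cisco guide): a pre-check for the PEM text pasted in Step 7. It confirms that each CERTIFICATE block decodes to a complete DER structure and returns its SHA-256 fingerprint, which can be compared with the value the CA publishes out of band before the certificate is trusted. It handles base64 PEM only; the function names and the sample input are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_total_length(der: bytes) -> int:
    """Length that the outer DER SEQUENCE header claims for the whole object."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("data does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    count = first & 0x7F                  # long form: next `count` bytes hold it
    if count == 0 or count > 4 or len(der) < 2 + count:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + count + int.from_bytes(der[2:2 + count], "big")

def pem_fingerprints(text: str) -> list:
    """Return one SHA-256 fingerprint per CERTIFICATE block (framing checks only)."""
    bodies = PEM_BLOCK.findall(text)
    if not bodies:
        raise ValueError("no CERTIFICATE block found")
    prints = []
    for body in bodies:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"invalid base64 in PEM body: {exc}") from exc
        if der_total_length(der) != len(der):
            raise ValueError("certificate is truncated or has trailing bytes")
        digest = hashlib.sha256(der).hexdigest().upper()
        prints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return prints

def wrap_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used here to build the sample input)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample: a 5-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")

if __name__ == "__main__":
    print(pem_fingerprints(wrap_pem(SAMPLE_DER)))
```

The check covers framing only: it does not parse X.509 fields or verify a signature, so the fingerprint comparison against the CA's published value remains the trust decision.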
Editing or Removing a CA Certificate Configuration
To change or remove an existing CA certificate configuration, perform the following steps:
Step 1 To change an existing CA certificate configuration, select it, and then click Edit.
The Edit Options for CA Certificates pane appears. To change any of these settings, see the following sections for procedures:
• “Configuring CRL Retrieval Policy” section on page 44-13
• “Configuring CRL Retrieval Methods” section on page 44-13
• “Configuring OCSP Rules” section on page 44-14