Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Showing CA Certificate Details, Configuring CA Certificates for Revocation

44-12

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter44 Configuring Digital Certificates

Configuring CA Certificate Authentication

•“Configuring Advanced CRL and OCSP Settings” section on page44-15

Step2 To remove a CA certificate configuration, select it, and then click Delete.

Note After you delete a certificate configuration, it cannot be restored. To recreate the deleted

certificate, click Add to reenter all of the certificate configuration information.

Showing CA Certificate Details

To show detailed information about the selected CA certificate, click Show Details to display the

Certificate Details dialog box, which includes the following three display-only tabs:

•The General tab displays the values for type, serial number, status, usage, public key type, CRL

distribution point, the times within which the certificate is valid, and associated trustpoints. The

values apply to both available and pending status.

•The Issued to tab displays the X.500 fields of the subject DN or certificate owner and their values.

The values apply only to available status.

•The Issued by tab displays the X.500 fields of the entity granting the certificate. The values apply

only to available status.

Configuring CA Certificates for Revocation

To configure CA certificates for revocation, perform the following steps:

Step1 In the ASDM application window, choose Configuration > Site-to-Site VPN > Certificate

Management > CA Certificates > Add to display the Install Certificates dialog box. Then click More

Options.

Step2 In the Configuration Options for CA Certificates pane, click the Revocation Check tab.

Step3 To disable revocation checking of certificates, click the Do not check certificates for revocation radio

button.

Step4 To select one or more revocation checking methods (CRL or OCSP), click the Check certificates for

revocation radio button.

Step5 In the Revocation Methods area, available methods appear on the left. Click Add to move a method to

the right and make it available. Click Move Up or Move Down to change the method order.

The methods that you choose are implemented in the order in which you add them. If a method returns

an error, the next revocation checking method activates.

Step6 Check the Consider certificate valid if revocation checking returns errors check box to ignore

revocation checking errors during certificate validation.

Step7 Click OK to close the Revocation Check tab. Alternatively, to continue, see the “Configuring CRL

Retrieval Policy” section on page44-13.

Cisco Systems Showing CA Certificate Details, Configuring CA Certificates for Revocation