25-55
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding Public Key Infrastructure Policies
Field Reference
PKI Enrollment Dialog Box—CA Information Tab
Use the CA Information tab of the PKI Enrollment dialog box to:
- Define the name and location of the external certificate authority (CA) server.
- Manually paste the certificate, if known.
- Define the server’s level of support for revocation checking.
Navigation Path
Go to the PKI Enrollment dialog box and click the CA Information tab. For information on opening the
dialog box, see PKI Enrollment Dialog Box, page 25-54.
Table 25-10 PKI Enrollment Dialog Box

| Element | Description |
| --- | --- |
| Name | The object name, which can be up to 128 characters. Object names are not case-sensitive. For more information, see Creating Policy Objects, page 6-9. |
| Description | An optional description of the object. |
| CA Information tab | Use this tab to enter settings related to the Certificate Authority server, its certificate, and its level of revocation checking support. For information on the specific settings, see PKI Enrollment Dialog Box—CA Information Tab, page 25-55. |
| Enrollment Parameters tab | Use this tab to enter settings related to PKI enrollment. For information on the specific settings, see PKI Enrollment Dialog Box—Enrollment Parameters Tab, page 25-59. Note: You do not have to define enrollment parameters in order to create or import a trustpoint in Security Manager. |
| Certificate Subject Name tab | Use this tab to enter optional information to be included in the certificate, including subject attributes. For information on the specific settings, see PKI Enrollment Dialog Box—Certificate Subject Name Tab, page 25-61. |
| Trusted CA Hierarchy tab | Use this tab to define trusted CA servers that are arranged in a hierarchical framework. For information on the specific settings, see PKI Enrollment Dialog Box—Trusted CA Hierarchy Tab, page 25-62. |
| Category | The category assigned to the object. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12. |
| Allow Value Override per Device; Overrides; Edit button | Whether to allow the object definition to be changed at the device level. For more information, see Allowing a Policy Object to Be Overridden, page 6-18 and Understanding Policy Object Overrides for Individual Devices, page 6-17. If you allow device overrides, you can click the Edit button to create, edit, and view the overrides. The Overrides field indicates the number of devices that have overrides for this object. |