Cisco Systems OL-16647-01 manual CA Certificate Authentication, C H A P T E R, 33-1

Chapter 33

Configuring Certificates

Digital certificates provide digital identification for authentication. A digital certificate contains information that identifies a device or user, such as the name, serial number, company, department, or IP address. CAs issue digital certificates in the context of a PKI, which uses public-key/private-key encryption to ensure security. CAs are trusted authorities that “sign” certificates to verify their authenticity, thus guaranteeing the identity of the device or user.

For authentication using digital certificates, there must be at least one identity certificate and its issuing CA certificate on a security appliance; this allows for multiple identities, roots, and certificate hierarchies. There are a number of different types of digital certificates, listed below:

A CA certificate is one used to sign other certificates. A CA certificate that is self-signed is called a root certificate; one issued by another CA certificate is called a subordinate certificate. See CA Certificate Authentication.

CAs also issue identity certificates, which are the certificates for specific systems or hosts. See Identity Certificates Authentication.

Code-signer certificates are special certificates used to create digital signatures to sign code, with the signed code itself revealing the certificate origin. See Code-Signer Certificates.

The Local Certificate Authority (CA) integrates independent certificate authority functionality on the security appliance, deploys certificates, and provides secure revocation checking of issued certificates. The Local CA provides a secure, configurable in-house authority for certificate authentication, with user enrollment by browser web page login. See Local Certificate Authority, Manage User Certificates, and Manage User Database.
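As an added illustration that is not part of the Cisco guide, the following Go code uses the standard library's crypto/x509 to model the hierarchy described above: Issue creates a self-signed root, a subordinate CA signed by it, or an identity certificate depending on the key usage passed; Classify applies the root/subordinate/identity rule; VerifyChain performs the check that requires the issuing CA certificates to be present. The names used with it (Example Root CA, asa.example.com) are constructed sample values.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // fixture helper: any error here is a bug, so panic
	if err != nil {
		panic(err)
	}
	return v
}
// Issue creates a certificate for cn, self-signed when parent is nil; keyCertSign in ku marks it as a CA.
func Issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))),
		Subject:      pkix.Name{CommonName: cn}, // constructed names, e.g. "Example Root CA"
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, KeyUsage: ku,
	}
	signer, signerKey := tmpl, key // no parent: the certificate signs itself (a root)
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return must(x509.ParseCertificate(der)), key
}
// Classify applies the chapter's taxonomy: self-signed CA = root, CA issued by another CA = subordinate, else identity.
func Classify(c *x509.Certificate) string {
	if !c.IsCA {
		return "identity"
	}
	if c.CheckSignatureFrom(c) == nil { // signature verifies under the certificate's own key
		return "root"
	}
	return "subordinate"
}
// VerifyChain builds identity -> sub -> root, as the appliance does against its installed CA certificates.
func VerifyChain(identity, sub, root *x509.Certificate) ([][]*x509.Certificate, error) {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(root)
	opts.Intermediates.AddCert(sub)
	return identity.Verify(opts)
}
```

Calling Issue with x509.KeyUsageCertSign and a nil parent yields the root; passing that root as parent with keyCertSign yields a subordinate CA, and with only digitalSignature an identity certificate. VerifyChain then succeeds only when the subordinate is supplied as an intermediate, which is why the issuing CA certificate must be installed alongside the identity certificate.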

CA Certificate Authentication

The CA Certificates panel allows you to authenticate self-signed or subordinate CA certificates and to install them on the security appliance. You can create a new certificate configuration or you can edit an existing one.

If the certificate you select is configured for manual enrollment, you should obtain the CA certificate manually and import it here. If the certificate you select is configured for automatic enrollment, the security appliance uses the SCEP protocol to contact the CA, and then automatically obtains and installs the certificate.

CA Certificates Fields

Certificates—Displays a list of the available certificates, identified by whom they were issued to and by, the date the certificate expires, and the certificate's usage or purpose. You can click a certificate in the list and edit its configuration, or you can add a new certificate to the displayed list.

Cisco Security Appliance Command Line Configuration Guide
OL-16647-01 33-1