Chapter 33 Configuring Certificates

Identity Certificates Authentication

Generate Certificate Signing Request

This pane lets you generate a certificate signing request to send to Entrust. Be aware that, at the time of this release, Entrust supports a key modulus size of 1024 only. Consult Entrust if you are using any other value.

Generate Certificate Signing Request Fields

Key Pair—Use the drop-down menu to display the configured key pairs by name.

Show—Click to display information about the selected key pair, including date and time generated, usage (general or special purpose), modulus size, and key data.

New—Click to add a new key pair, providing a name, modulus size, and usage. When you generate the key pair, you have the option of sending it to the security appliance or saving it to a file.

Certificate Subject DN—Identifies DN attributes for the certificate.

Common Name (CN)—Enter the FQDN or IP address of the security appliance.

Organization (O)—Provide the name of the company.

Country (C)—Enter the two-letter code for the country.

Optional Parameters—Lets you add additional attributes for the signing request.

Additional DN Attributes—These include Department (OU), State (ST), Location (L), and E-mail Address (EA).

FQDN (SubjectAlt Name)—Use this certificate extension field to enter additional fully qualified domain name information if the CA requires it.

Generate Request—Click to generate the certificate signing request, which you can then Send to Entrust, or Save to File, and send later.
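One way to inspect a request written with Save to File before it goes to the CA, using the openssl command line on a workstation. This is an added example, not part of the Cisco guide; the host name, organization, file names and function names are constructed sample values.

```shell
#!/bin/sh
# Added example: check a saved CSR against the values entered in the request pane.
# Host name, organization and file names are constructed sample values.

# make_sample_csr DIR BITS -> writes DIR/sample.csr (constructed test input)
make_sample_csr() {
    openssl req -new -newkey "rsa:$2" -nodes -keyout "$1/sample.key" \
        -out "$1/sample.csr" -subj "/C=US/O=Example Corp/CN=asa.example.com" \
        -addext "subjectAltName=DNS:asa.example.com" 2>/dev/null
}

# check_csr FILE BITS CN SAN_FQDN -> returns 0 only if every check passes
check_csr() {
    csr=$1 bits=$2 cn=$3 san=$4 rc=0

    # 1. The request must be signed by the key pair it carries.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "FAIL: signature does not verify"; return 1; }

    text=$(openssl req -in "$csr" -noout -text 2>/dev/null)
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null)

    # 2. The key modulus size must be the size the CA accepts.
    printf '%s\n' "$text" | grep -qF "Public-Key: ($bits bit)" \
        || { echo "FAIL: modulus is not $bits bits"; rc=1; }

    # 3. The Common Name must be the appliance FQDN or IP address.
    case "$subj" in
        *"CN=$cn,"*|*"CN=$cn") ;;
        *) echo "FAIL: CN is not $cn"; rc=1 ;;
    esac

    # 4. The SubjectAlt Name extension must list the FQDN exactly.
    printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$san" \
        || { echo "FAIL: SAN does not contain DNS:$san"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $csr"
    return "$rc"
}

tmp=$(mktemp -d)
make_sample_csr "$tmp" 1024
check_csr "$tmp/sample.csr" 1024 asa.example.com asa.example.com
check_csr "$tmp/sample.csr" 2048 asa.example.com asa.example.com || echo "mismatch reported"
rm -rf "$tmp"
```
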

Modes

The following table shows the modes in which this feature is available:

Firewall Mode: Routed, Transparent

Security Context: Single, Multiple (Context, System)


Installing Identity Certificates

The Install button on the Identity Certificates window is inactive unless there is a pending enrollment. Whenever the security appliance receives a Certificate Signing Request (CSR), the Identity Certificates window displays the pending ID certificate. When you highlight the pending Identity Certificate, the Install button becomes active.

When you transmit the pending file to a CA, the CA enrolls it and returns a certificate to the security appliance. Once you have the certificate, click the Install button and highlight the appropriate Identity and CA certificates to complete the operation.

The following steps illustrate adding and installing a pending Identity Certificate:

 

Cisco Security Appliance Command Line Configuration Guide


OL-16647-01
