Chapter 33 Configuring Certificates

Local Certificate Authority

Delete an existing Identity Certificate. See Delete a Code-Signer Certificate. Export an existing Identity Certificate. See Import or Export a Code-Signer Certificate.

Show Code-Signer Certificate Details

The Show Details button displays the Code Signer Details dialog box, which shows the following information about the selected certificate:

General—Displays the values for type, serial number, status, usage, public key type, CRL distribution point, the times within which the certificate is valid, and associated certificates. This applies to both available and pending status.

Issued to— Displays the X.500 fields of the subject DN or certificate owner and their values. This applies only to available status.

Issued by—Displays the X.500 fields of the entity granting the certificate. This applies only to available status.

Delete a Code-Signer Certificate

The Delete button immediately removes the selected Code Signer certificate configuration from the security appliance. Once you delete a configuration, it cannot be restored; to recreate the configuration, you must use the Import button to reenter the configuration information from the beginning

Note Once you delete a Code Signer configuration, it cannot be restored.

Import or Export a Code-Signer Certificate

Assign values to the fields in the Import Certificate window as follows:

Decryption Passphrase: Specify the passphrase used to decrypt the PKCS12 file

Files to Import From: You can type the pathname of the file in the box or you can click Browse and search for the file. Browse displays the Import Certificate dialog box, which lets you navigate to the file containing the certificate.

Assign values to the fields in the Export Certificate window as follows:

Export to file—Specify the name of the PKCS12-format file to use in exporting the certificate configuration;

Certificate Format: Click PKCS12 format, the public key cryptography standard, which can be base64 encoded or hexadecimal, or click PEM format.

Browse—Display the Select a File dialog box that lets you navigate to the file to which you want to export the certificate configuration.

Decryption Passphrase—Specify the passphrase used to decrypt the PKCS12 file for export.

Confirm Passphrase—Verify the decryption passphrase.

Export Certificate—Exports the configuration.

Local Certificate Authority

The Local Certificate Authority (CA) provides a secure configurable inhouse authority that resides the security appliance for certificate authentication.

 

Cisco Security Appliance Command Line Configuration Guide

33-12

OL-16647-01

Page 12
Image 12
Cisco Systems OL-16647-01 manual Local Certificate Authority, Show Code-Signer Certificate Details, 33-12