Chapter 33 Configuring Certificates

Manage User Certificates

The Local CA server maintains certificate renewals, re-issues user certificates, maintains the Certificate Revocation List (CRL), and revokes or restores privileges as needed. With the Manage User Certificates window, you can select specific certificates by username or by certificate serial number and change the certificate status (revoked/unrevoked).

Whenever you change any certificate status, be sure to update the CRL to reflect the latest changes.

To change certificate status, see Revoking a Local CA Certificate and Unrevoking a Local CA Certificate.

Revoking a Local CA Certificate

The Local CA Server keeps track of the lifetime of every user certificate and e-mails renewal notices when they are due. If a user's certificate reaches the end of its lifetime, that user's access is revoked: the Local CA marks the certificate as revoked in the certificate database, updates the certificate information, and automatically reissues the CRL.

Unrevoking a Local CA Certificate

An already revoked user certificate can have its privileges restored, with notification by e-mail. Select the revoked user's certificate and click Unrevoke to restore access. The Local CA marks the certificate as unrevoked in the certificate database, automatically updates the certificate information, and reissues an updated CRL.
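The CLI equivalents of the Manage User Certificates window, as an added example that is not text from this guide: look up the serial number of a user's certificate, revoke it, confirm the serial is listed on the CRL, restore it, and force a CRL reissue. The username jsmith, the serial number 0A and the prompt hostname# are placeholders chosen for illustration; take the real serial from the cert-db output. The commands are entered in privileged EXEC mode.

```text
! Find the serial number of the certificate issued to the user (jsmith is a placeholder)
hostname# show crypto ca server cert-db user jsmith

! Revoke that certificate by serial number (0A is a placeholder; use the serial from the output above)
! The Local CA marks it revoked in the certificate database and reissues the CRL
hostname# crypto ca server revoke 0A

! Check: the revoked serial must now appear in the current CRL
hostname# show crypto ca server crl

! Restore the user's access; the CRL is reissued again without that serial
hostname# crypto ca server unrevoke 0A

! Regenerate the CRL on demand, for example after a batch of status changes, and review it
hostname# crypto ca server crl issue
hostname# show crypto ca server crl
```

Revocation is keyed on the certificate serial number, not on the username, so seeing the serial in the CRL is the definitive confirmation that the change took effect; a relying party that still holds a cached copy of the previous CRL keeps accepting the certificate until it fetches the new one.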

Manage User Database

The Local CA user database contains user identification information and the status of each user in the system (enrolled, allowed, revoked, and so on). With the Manage User Database window, you can add new users, select specific users by username to edit user information, and delete existing users and their certificates. Whenever you add a user or modify any user's status, the Local CA automatically updates the CRL to reflect the latest changes.

To add a user to the Local CA Database, see Add a Local CA User.

To change user identification information for an existing user, see Edit a Local CA User.

To remove a user from the database, see Delete a Local CA User.

To change the enrollment status of a user, see Allow Enrollment.

To e-mail One-Time-Passwords (OTPs) to a user, see Email OTP.

To view or regenerate an OTP, see View/Re-generate OTP.

Add a Local CA User

The Add button allows you to enter a new user into the Local CA database. Each new user to be entered into the database must have a predefined user name, e-mail address, and subject name.

Local CA Add User

Fields

Username: Enter a valid user name.

Email: Specify an existing valid e-mail address.

Subject: Enter the user’s subject name.
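The same user-database workflow from the CLI side, as an added example that is not part of this guide: add a user with the three required fields, allow enrollment and deliver the OTP, display or regenerate the OTP, list the database, and remove the user. The username jsmith, the subject name CN=jsmith,OU=Eng,O=Example, the address jsmith@example.com and the prompt hostname# are placeholders. The commands are entered in privileged EXEC mode.

```text
! Add the user: username, subject name (dn) and e-mail address are all required
hostname# crypto ca server user-db add jsmith dn CN=jsmith,OU=Eng,O=Example email jsmith@example.com

! Allow the user to enroll and e-mail the one-time password in the same step
hostname# crypto ca server user-db allow jsmith email-otp

! Re-send the OTP by e-mail later, or display it on the console (treat the displayed value as a credential)
hostname# crypto ca server user-db email-otp jsmith
hostname# crypto ca server user-db show-otp jsmith

! Regenerate the OTP if the old one was exposed or has been lost
hostname# crypto ca server user-db allow jsmith replace-otp

! Review the database: every user, or only those currently allowed to enroll
hostname# show crypto ca server user-db
hostname# show crypto ca server user-db allowed

! Remove the user, then confirm that no certificate for that user remains in the certificate database
hostname# crypto ca server user-db remove jsmith
hostname# show crypto ca server cert-db user jsmith
```

The OTP is the only credential a user presents to enroll, so prefer email-otp over show-otp where the e-mail path is trusted, and keep the enrollment window short: the allowed state is what show crypto ca server user-db allowed reports, and it is the state to audit when checking who can currently obtain a certificate.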

 

Cisco Security Appliance Command Line Configuration Guide

33-18

OL-16647-01
