Chapter 33 Configuring Certificates

Identity Certificates Authentication

Issued to— Displays the X.500 fields of the subject DN or certificate owner and their values. This applies only to available status.

Issued by—Displays the X.500 fields of the entity granting the certificate. This applies only to available status.

Delete an Identity Certificate

The Delete button immediately removes the selected Identity Certificate configuration from the security appliance. Once you delete a certificate configuration, it cannot be restored; to recreate the deleted certificate, use the Add button to reenter the certificate configuration information from the beginning

Note Once you delete a certificate configuration, it cannot be restored.

Export an Identity Certificate

The Export panel lets you export a certificate configuration with all associated keys and certificates in PKCS12 format, which must be in base64 format. An entire configuration includes the entire chain (root CA certificate, identity certificate, key pair) but not enrollment settings (subject name, FQDN and so on). This feature is commonly used in a failover or load-balancing configuration to replicate certificates across a group of security appliances; for example, remote access clients calling in to a central organization that has several units to service the calls. These units must have equivalent certificate configurations. In this case, an administrator can export a certificate configuration and then import it across the group of security appliances.

Export Identity Certificate Fields

Export to a file—Specify the name of the PKCS12-format file to use in exporting the certificate configuration;

Certificate Format—Click PKCS12 format, the public key cryptography standard, which can be base64 encoded or hexadecimal, or click PEM format.

Browse—Display the Select a File dialog box that lets you navigate to the file to which you want to export the certificate configuration.

Encryption Passphrase—Specify the passphrase used to encrypt the PKCS12 file for export.

Confirm Passphrase—Verify the encryption passphrase.

Export Certificate—Export the certificate configuration.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode

Security Context

 

 

 

 

 

 

 

 

 

Multiple

 

 

 

 

 

 

Routed

Transparent

Single

Context

System

 

 

 

 

 

 

 

 

 

 

 

 

Cisco Security Appliance Command Line Configuration Guide

 

 

 

 

 

 

OL-16647-01

 

 

33-9

 

 

 

 

 

Page 8 Page 10
Page 9
Image 9
Cisco Systems OL-16647-01 manual Delete an Identity Certificate, Export an Identity Certificate, 33-9
Page 8 Page 10
Top Page Image Contents