1-7
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Licensing Requirements for Digital Certificates
Figure 1-1 The Local CA
Licensing Requirements for Digital Certificates
The following table shows the licensing requirements for this feature:
Prerequisites for Local Certificates
Local certificates have the following prerequisites:
• Make sure that the ASA is configured correctly to support certificates. An incorrectly configured
ASA can cause enrollment to fail or request a certificate that includes inaccurate information.
• Make sure that the hostname and domain name of the ASA are configured correctly. To view the
currently configured hostname and domain name, enter the show running-config command. For
information about configuring the hostname and domain name, see the “Configuring the Hostname,
Domain Name, and Passwords” section on page 1-1.
• Make sure that the ASA clock is set accurately before configuring the CA. Certificates have a date
and time that they become valid and expire. When the ASA enrolls with a CA and obtains a
certificate, the ASA checks that the current time is within the valid range for the certificate. If it is
outside that range, enrollment fails. For information about setting the clock, see the “Setting the
Date and Time” section on page 1-4.
Prerequisites for SCEP Proxy Support
Configuring the ASA as a proxy to submit requests for third-party certificates has the following
requirements:
• AnyConnect Secure Mobility Client 3.0 or later must be running at the endpoint.
User Enrollment Webpage
for PKCS12 Users Certificate
Enrollment and Retrieval
HTTP CRL retrieval
ASDM and CLI
configuration and
management
Local Database in flash memory
or Mounted external file system
(CIFS or FTP)
Security Device
with Local CA
Configured
191783
Model License Requirement
All models Base License.
To Next Page
Loading...
Need help?
General