1-15
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Exporting a Trustpoint Configuration
To export a trustpoint configuration, enter the following command:
Examples
The following example exports PKCS12 data for the trustpoint Main with the passphrase Wh0zits:
hostname (config)# crypto ca export Main pkcs12 Wh0zits
Exported pkcs12 follows:
[ PKCS12 data omitted ]
---End - This line not part of the pkcs12---
Step 8
ldap-defaults server
Example:
hostname (config-ca-crl)# ldap-defaults ldap1
Identifies the LDAP server to the ASA if LDAP is
specified as the retrieval protocol. You can specify
the server by DNS hostname or by IP address. You
can also provide a port number if the server listens
for LDAP queries on a port other than the default of
389.
Note If you use a hostname instead of an IP
address to specify the LDAP server, make
sure that you have configured the ASA to use
DNS.
Step 9
ldap-dn admin-DN password
Example:
hostname (config-ca-crl)# ldap-dn
cn=admin,ou=devtest,o=engineering c00lRunZ
Allows CRL retrieval if the LDAP server requires
credentials.
Step 10
crypto ca crl request trustpoint
Example:
hostname (config-ca-crl)# crypto ca crl request Main
Retrieves the current CRL from the CA represented
by the specified trustpoint and tests the CRL
configuration for the current trustpoint.
Step 11
write memory
Example:
hostname (config)# write memory
Saves the running configuration.
Command Purpose
Command Purpose
crypto ca export trustpoint
Example:
hostname(config)# crypto ca export Main
Exports a trustpoint configuration with all associated keys and
certificates in PKCS12 format. The ASA displays the PKCS12 data in
the terminal. You can copy the data. The trustpoint data is password
protected; however, if you save the trustpoint data in a file, make sure
that the file is in a secure location.
To Next Page
Loading...
Need help?
General