1-13
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Configuring CRLs for a Trustpoint
To use mandatory or optional CRL checking during certificate authentication, you must configure CRLs
for each trustpoint. To configure CRLs for a trustpoint, perform the following steps:
Step 15
revocation check
Example:
hostname/contexta(config-ca-trustpoint)# revocation
check
Sets one or more methods for revocation checking:
CRL, OCSP, and none.
Step 16
subject-name X.500 name
Example:
hostname/contexta(config-ca-trustpoint)# myname
X.500 examplename
During enrollment, asks the CA to include the
specified subject DN in the certificate. If a DN string
includes a comma, enclose the value string within
double quotes (for example, O=”Company, Inc.”).
Step 17
serial-number
Example:
hostname/contexta(config-ca-trustpoint)# serial
number JMX1213L2A7
During enrollment, asks the CA to include the ASA
serial number in the certificate.
Step 18
write memory
Example:
hostname/contexta(config)# write memory
Saves the running configuration.
Command Purpose
Command Purpose
Step 1
crypto ca trustpoint trustpoint-name
Example:
hostname (config)# crypto ca trustpoint Main
Enters crypto ca trustpoint configuration mode for
the trustpoint whose CRL configuration you want to
modify.
Note Make sure that you have enabled CRLs
before entering this command. In addition,
the CRL must be available for authentication
to succeed.
Step 2
crl configure
Example:
hostname (config-ca-trustpoint)# crl configure
Enters crl configuration mode for the current
trustpoint.
Tip To set all CRL configuration parameters to
default values, use the default command. At
any time during CRL configuration, reenter
this command to restart the procedure.
Step 3
Do one of the following:
To Next Page
Loading...
