Installing Certificates - Cisco ASA Series CLI Configuration Manual

Software version 9.0 for the services module

Configuring Cisco Unified Presence Proxy for SIP Federation
Creating Trustpoints and Generating Certificates
You need to generate the keypair for the certificate (such as cup_proxy_key) used by the ASA, and configure a trustpoint to identify the self-signed certificate sent by the ASA to Cisco UP (such as cup_proxy) in the TLS handshake.

Step 1
Command: hostname(config)# crypto key generate rsa label key-pair-label modulus size
Example:
crypto key generate rsa label ent_y_proxy_key modulus 1024
INFO: The name for the keys will be: ent_y_proxy_key
Keypair generation process begin. Please wait...
hostname(config)#
Purpose: Creates the RSA keypair that can be used for the trustpoints. The keypair is used by the self-signed certificate presented to the local domain containing the Cisco UP (proxy for the remote entity).

Step 2
Command: hostname(config)# crypto ca trustpoint trustpoint_name
Example:
hostname(config)# crypto ca trustpoint ent_y_proxy
Purpose: Enters the trustpoint configuration mode for the specified trustpoint so that you can create the trustpoint for the remote entity. A trustpoint represents a CA identity and possibly a device identity, based on a certificate issued by the CA.

Step 3
Command: hostname(config-ca-trustpoint)# enrollment self
Purpose: Generates a self-signed certificate.

Step 4
Command: hostname(config-ca-trustpoint)# fqdn none
Purpose: Specifies not to include a fully qualified domain name (FQDN) in the Subject Alternative Name extension of the certificate during enrollment.

Step 5
Command: hostname(config-ca-trustpoint)# subject-name X.500_name
Example:
hostname(config-ca-trustpoint)# subject-name cn=Ent-Y-Proxy
Purpose: Includes the indicated subject DN in the certificate during enrollment.

Step 6
Command: hostname(config-ca-trustpoint)# keypair keyname
Example:
hostname(config-ca-trustpoint)# keypair ent_y_proxy_key
Purpose: Specifies the key pair whose public key is to be certified.

Step 7
Command: hostname(config-ca-trustpoint)# exit
Purpose: Exits from the CA Trustpoint configuration mode.

Step 8
Command: hostname(config)# crypto ca enroll trustpoint
Example:
hostname(config)# crypto ca enroll ent_y_proxy
Purpose: Starts the enrollment process with the CA and specifies the name of the trustpoint to enroll with.

What to Do Next
Install the certificate on the local entity truststore. You could also enroll the certificate with a local CA trusted by the local entity. See the "Installing Certificates" section on page 1-10.

Installing Certificates

Export the self-signed certificate for the ASA created in the "Creating Trustpoints and Generating Certificates" section on page 1-10 and install it as a trusted certificate on the local entity. This task is necessary for local entity to authenticate the ASA.

Cisco ASA Series CLI Configuration Guide, Chapter 1, Configuring Cisco Unified Presence, page 1-10
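An added example, not part of the Cisco guide: a Python lint that checks a planned command list against steps 1 through 8 of "Creating Trustpoints and Generating Certificates" before it is pasted into the ASA, and flags RSA keys below a policy floor. The 2048-bit floor, the function name and the variable names are assumptions; the sample input is the page's own example commands with the prompts stripped.

```python
import re
MIN_RSA_BITS = 2048  # assumed policy floor, not from the page (its example uses 1024)
# Constructed input: the page's example commands with the prompts stripped.
SAMPLE = """\
crypto key generate rsa label ent_y_proxy_key modulus 1024
crypto ca trustpoint ent_y_proxy
 enrollment self
 fqdn none
 subject-name cn=Ent-Y-Proxy
 keypair ent_y_proxy_key
 exit
crypto ca enroll ent_y_proxy
"""

TOP_LEVEL = re.compile(
    r"crypto (key generate rsa label (?P<key>\S+) modulus (?P<bits>\d+)"
    r"|ca trustpoint (?P<tp>\S+)|ca enroll (?P<enroll>\S+))$")

def lint_trustpoint_script(text):
    """Check a planned command list against steps 1-8; return a list of findings."""
    keys, trustpoints, enrolled, current = {}, {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        m = TOP_LEVEL.match(line)
        if m:
            current = None  # any global command leaves trustpoint mode
            if m["key"]:
                keys[m["key"]] = int(m["bits"])
            elif m["tp"]:
                current = trustpoints.setdefault(m["tp"], {})
            else:
                enrolled.add(m["enroll"])
        elif line == "exit":
            current = None
        elif current is not None and line:
            word, _, value = line.partition(" ")  # e.g. "keypair", "ent_y_proxy_key"
            current[word] = value
    findings = [f"key {k}: {bits}-bit modulus is below {MIN_RSA_BITS}"
                for k, bits in keys.items() if bits < MIN_RSA_BITS]
    for name, tp in trustpoints.items():
        for word, want in (("enrollment", "self"), ("fqdn", "none")):
            if tp.get(word) != want:
                findings.append(f"trustpoint {name}: missing '{word} {want}'")
        if not tp.get("subject-name"):
            findings.append(f"trustpoint {name}: missing subject-name")
        if tp.get("keypair") not in keys:
            findings.append(f"trustpoint {name}: keypair not generated in this script")
        if name not in enrolled:
            findings.append(f"trustpoint {name}: never enrolled")
    return findings
```

Run against the page's own example, the only finding is the 1024-bit modulus; raising it to 2048 or more clears the list.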
