Cisco ASA Series Cli Configuration Manual page 966

Configuring Digital Certificates
Configuring the CRL Lifetime
To configure the CRL lifetime, perform the following commands:
Command
Step 1
crypto ca server
Example:
hostname (config)# crypto ca server
Step 2
lifetime crl time
Example:
hostname (config-ca-server)# lifetime crl 10
Step 3
crypto ca server crl issue
Example:
hostname(config)# crypto ca server crl issue
A new CRL has been issued.
Configuring the Server Keysize
To configure the server keysize, perform the following commands:
Command
Step 1
crypto ca server
Example:
hostname (config)# crypto ca server
Step 2
keysize server
Example:
hostname (config-ca-server)# keysize server 2048
Cisco ASA Series CLI Configuration Guide
1-30
Chapter 1 Configuring Digital Certificates
Purpose
Enters local ca server configuration mode. Allows
you to configure and manage a local CA.
Sets the length of time that you want the CRL to
remain valid.
The local CA updates and reissues the CRL each time
that a user certificate is revoked or unrevoked, but if
no revocation changes occur, the CRL is reissued
automatically once each CRL lifetime. If you do not
specify a CRL lifetime, the default time period is six
hours.
Forces the issuance of a CRL at any time, which
immediately updates and regenerates a current CRL
to overwrite the existing CRL.
Note
Do not use this command unless the CRL file
has been removed in error or has been
corrupted and must be regenerated.
Purpose
Enters local ca server configuration mode. Allows
you to configure and manage a local CA.
Specifies the size of the public and private keys
generated at user-certificate enrollment. The keypair
size options are 512, 768, 1024, 2048 bits, and the
default value is 1024 bits.
Note
After you have enabled the local CA, you
cannot change the local CA keysize, because
all issued certificates would be invalidated.
To change the local CA keysize, you must
delete the current local CA and reconfigure a
new one.