Cisco PIX 500 Series Configuration Manual page 866

Security appliance command line
Certificate Configuration
% The fully-qualified domain name in the certificate will be:
securityappliance.example.com
% Include the device serial number in the subject name? [yes/no]: n
Display Certificate Request to terminal? [yes/no]: y
Certificate Request follows:
MIIBoDCCAQkCAQAwIzEhMB8GCSqGSIb3DQEJAhYSRmVyYWxQaXguY2lzY28uY29t
[ certificate request data omitted ]
jF4waw68eOxQxVmdgMWeQ+RbIOYmvt8g6hnBTrd0GdqjjVLt
---End - This line not part of the certificate request---
Redisplay enrollment request? [yes/no]: n
hostname(config)#
Note
If you use separate RSA keys for signing and encryption, the crypto ca enroll command displays two certificate requests, one for each key. To complete enrollment, acquire a certificate for all certificate requests generated by the crypto ca enroll command.

Step 4
For each request generated by the crypto ca enroll command, obtain a certificate from the CA represented by the applicable trustpoint. Be sure the certificate is in base-64 format.

Step 5
For each certificate you receive from the CA, use the crypto ca import certificate command. The security appliance prompts you to paste the certificate to the terminal in base-64 format.

Note
If you use separate RSA key pairs for signing and encryption, perform this step for each certificate separately. The security appliance determines automatically whether the certificate is for the signing or encryption key pair. The order in which you import the two certificates is irrelevant.

The following example manually imports a certificate for the trustpoint Main:
hostname(config)# crypto ca import Main certificate
% The fully-qualified domain name in the certificate will be:
securityappliance.example.com
Enter the base 64 encoded certificate.
End with a blank line or the word "quit" on a line by itself
[ certificate data omitted ]
quit
INFO: Certificate successfully imported
hostname(config)#

Step 6
Verify that the enrollment process was successful using the show crypto ca certificate command. For example, to show the certificate received from trustpoint Main:
hostname/contexta(config)# show crypto ca certificate Main
The output of this command shows the details of the certificate issued for the security appliance and the CA certificate for the trustpoint.

Step 7
Save the configuration using the write memory command:
hostname/contexta(config)# write memory

Cisco Security Appliance Command Line Configuration Guide, Chapter 39, Configuring Certificates (OL-12172-03), page 39-12
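
The base-64 requirement in Steps 4 and 5, as an added example that is not part of the Cisco guide: a Python helper, run on the administrator's workstation, that accepts the CA's reply as binary DER, PEM, or bare base-64, checks that the outer DER length matches the data (which catches a truncated copy and paste), and emits the lines to paste at the import prompt. The function names and the sample value are constructed for illustration; the check covers DER framing only, not the certificate's contents or signature.

```python
import base64
import binascii


def check_outer_sequence(der: bytes) -> None:
    """Raise ValueError unless der is exactly one complete DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (wrong file, or corrupt base-64?)")
    length, header = der[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or len(der) < 2 + count:
            raise ValueError("bad DER length field")
        length, header = int.from_bytes(der[2:2 + count], "big"), 2 + count
    if header + length != len(der):
        raise ValueError(f"DER header declares {header + length} bytes, "
                         f"got {len(der)} (truncated or padded paste?)")


def to_der(data: bytes) -> bytes:
    """Accept binary DER, PEM, or bare base-64 copied from the terminal."""
    try:
        lines = map(str.strip, data.decode("ascii").splitlines())
        # Drop PEM armor and the appliance's "---End - This line not part..." trailer.
        body = "".join(s for s in lines if not s.startswith("-"))
        der = base64.b64decode(body, validate=True)
    except (UnicodeDecodeError, binascii.Error):
        der = data  # not base-64 text, so treat it as binary DER
    check_outer_sequence(der)
    return der


def paste_block(data: bytes) -> str:
    """Bare base-64 lines for the import prompt, terminated by 'quit'."""
    b64 = base64.b64encode(to_der(data)).decode("ascii")
    return "\n".join([b64[i:i + 64] for i in range(0, len(b64), 64)] + ["quit"])


def csr_pem(terminal_text: str) -> str:
    """Wrap the request printed by 'crypto ca enroll' in PKCS#10 PEM armor."""
    b64 = paste_block(terminal_text.encode("ascii")).rsplit("\nquit", 1)[0]
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + b64 +
            "\n-----END CERTIFICATE REQUEST-----\n")


# Constructed sample: a 256-byte DER SEQUENCE of zeros, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(paste_block(SAMPLE_DER))
```

A ValueError from to_der means the file should be fetched from the CA again or re-copied before it is pasted into the appliance.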