Certificate Characteristics - Cisco PIX 500 Series Configuration Manual

Security appliance command line

The Local CA
Step 4  To specify the e-mail address that is to be used as the From: field of all e-mails generated by the Local CA server, use the smtp from-address command as follows:

hostname(config-ca-server)# smtp from-address SecurityAdmin@hostcorp.com
hostname(config-ca-server)#

Step 5  To specify an optional subject-name DN to be appended to a username on issued certificates, use the subject-name-default command. The default subject-name DN becomes part of the username in all user certificates issued by the Local CA server. For example, if the username is maryjane@ASC.com and you set the subject-name default to cn=engineer, o=ASC Systems, c=US, the subject-name DN in the certificate would be cn=maryjane@ASC.com, cn=Engineer, o=ASC Systems, c=US.

Note  If you do not specify a subject-name-default to serve as a standard subject-name default, you must specify a DN each time you add a user.

The permitted DN attribute keywords are listed in the following table:

Subject-name-default Keywords
CN = Common Name
SN = Surname
O = Organization Name
L = Locality
C = Country
OU = Organization Unit
EA = E-mail Address
ST = State/Province
T = Title

An example follows:

hostname(config-ca-server)# subject-name-default cn=engineer, o=ABC Systems, c=US
hostname(config-ca-server)#

Note that there are additional Local CA server commands that allow you to customize your server further. These commands are described in the following sections.

Certificate Characteristics

Configurable Local CA certificate characteristics include the following:

• The name of the certificate issuer as it appears on all user certificates
• The lifetime of the Local CA certificates (server and user) and the CRL
• The length of the public and private keypair associated with Local CA and user certificates.

Issuer Name

The certificate issuer name that is configured is both the subject-name and issuer-name of the self-signed Local CA certificate, as well as the issuer-name in all client certificates that are issued and in the issued CRL. The default issuer name in the Local CA is hostname.domainname. Use the issuer-name command to specify the Local CA certificate subject-name as shown in the following example:

hostname(config-ca-server)# issuer-name CN=xx5520,CN=30.132.0.25,ou=DevTest,ou=QA,O=ABC Systems
hostname(config-ca-server)#

Cisco Security Appliance Command Line Configuration Guide
39-20
Chapter 39
Configuring Certificates
OL-12172-03
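
The Step 5 rule for subject-name-default (username as a CN, followed by the default attributes, using only the keywords in the Subject-name-default Keywords table) can be checked offline before a value is entered on the appliance. This Python sketch is an added example, not Cisco code or part of the original manual; the function names are hypothetical, and it assumes comma-separated components, no commas inside values, and case-insensitive keywords.

```python
# Added example (not Cisco code): lint a subject-name-default value offline.
PERMITTED = {"CN", "SN", "T", "O", "L", "C", "OU", "EA", "ST"}  # keyword table on this page


def parse_dn(dn):
    """Split 'k=v, k=v' into (keyword, value) pairs, rejecting any keyword the
    page's table does not list. Assumption: values contain no commas."""
    pairs = []
    for part in dn.split(","):
        keyword, sep, value = part.strip().partition("=")
        keyword, value = keyword.strip(), value.strip()
        if not sep or not keyword or not value:
            raise ValueError(f"malformed DN component: {part.strip()!r}")
        if keyword.upper() not in PERMITTED:
            raise ValueError(f"keyword not in permitted list: {keyword!r}")
        pairs.append((keyword, value))
    return pairs


def compose_subject_dn(username, subject_name_default):
    """Return the subject DN as the page describes it: the username as a CN,
    followed by the subject-name-default attributes."""
    # Assumption of this example: a username never contains ',' or '='.
    if not username or "," in username or "=" in username:
        raise ValueError("username must be non-empty without ',' or '='")
    pairs = [("cn", username)] + parse_dn(subject_name_default)
    return ", ".join(f"{k}={v}" for k, v in pairs)


def lint(candidates, username):
    """Map each candidate default to its resulting DN or the rejection reason."""
    report = {}
    for dn in candidates:
        try:
            report[dn] = ("ok", compose_subject_dn(username, dn))
        except ValueError as exc:
            report[dn] = ("rejected", str(exc))
    return report


if __name__ == "__main__":
    samples = [
        "cn=engineer, o=ASC Systems, c=US",  # from the page's example
        "cn=engineer, dc=asc, c=US",         # constructed: DC is not in the table
        "cn=engineer, o=, c=US",             # constructed: empty value
    ]
    for dn, (status, detail) in lint(samples, "maryjane@ASC.com").items():
        print(f"{status:8} {dn!r} -> {detail}")
```

The composed DN keeps attribute values exactly as typed, so a mistyped organization name in the default ends up in every user certificate issued afterwards.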


This manual is also suitable for:

Asa 5500 series
