Debugging the Local CA Server; Disabling the Local CA Server; Managing the Local CA User Database - Cisco PIX 500 Series Configuration Manual

Security appliance command line

The Local CA
Re-enter password: caserver
Keypair generation process begin. Please wait...
hostname(config-ca-server)#
Re-enabling the same Local CA Server with the no shutdown command and disabling it with the
shutdown command do not require the passphrase.
Debugging the Local CA Server
To debug the newly configured Local CA Server, use the debug crypto ca server command in global
configuration mode. This command displays debug messages when you configure and enable the Local
CA server. By default, the debug crypto ca server command performs level 1 debug functions; levels
1-255 are available.
Note: Debug commands might slow down traffic on busy networks. Levels 5 and higher are reserved for raw
data dumps and should be avoided during normal debugging because of excessive debug output.
Disabling the Local CA Server
When you disable the Local CA server with the shutdown command, the configuration and all associated
files remain in storage. Webpage enrollment is disabled, but you can change or reconfigure the Local CA
Server during shutdown and then restart it with the no shutdown command.
To disable the Local CA server on a security appliance, perform the following:
asa1(config-ca-server)#
asa1(config-ca-server)# shutdown
INFO: Local CA Server has been shutdown.
asa1(config-ca-server)#
Managing the Local CA User Database
The Local CA server keeps track of user certificates, so the administrator can revoke or restore privileges
as needed. This section describes how to add, allow for enrollment, remove, and manage users in the
Local CA database with CLI commands. These operations are all initiated with the crypto ca server
user-db (function) command in Privileged Exec mode. The functions are summarized in Table 39-2
and described in the following subsections.

Table 39-2 Crypto CA Server User Commands

Command                            Description
crypto ca server user-db add       Adds a user to the Local CA server user database.
crypto ca server user-db allow     Permits a specific user or subset of users in the Local CA
                                   server database to enroll and generates OTPs for users.
crypto ca server user-db remove    Removes a user from the Local CA server user database by
                                   user name.

Note that users must be added to the database with the crypto ca server user-db add command, but it
is the crypto ca server user-db allow command that grants each user enrollment privileges.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 39, Configuring Certificates, page 39-28


This manual is also suitable for:

ASA 5500 series