Cisco PIX 500 Series Configuration Manual, Chapter 39 (Configuring Certificates), page 39-31: Revocation Checking; Displaying Local CA Server Information; Display Local CA Configuration; Display Certificate Database

Chapter 39
Configuring Certificates

Revocation Checking

The Local CA maintains a current Certificate Revocation List (CRL) containing the serial numbers of all
revoked user certificates. External devices can retrieve this list directly from the Local CA when the CRL
distribution point and CRL publishing are configured with the cdp-url and publish-crl CLI commands. When
you revoke (or unrevoke) a current certificate by its serial number, the CRL reflects the change.

Displaying Local CA Server Information

There are various ways to display and print the Local CA server configuration and user information, as
described in the following subsections. The following table summarizes the Local CA Server CLI
commands that display configuration and database information.

Command                                    Display
show crypto ca server                      Local CA configuration and status
show crypto ca server cert-db              User certificate(s)
show crypto ca server certificate          Local CA certificate
show crypto ca server crl                  Certificate Revocation List
show crypto ca server user-db              Users and their status
show crypto ca server user-db allowed      Users eligible to enroll
show crypto ca server user-db enrolled     Enrolled users with a valid certificate
show crypto ca server user-db expired      Users with an expired certificate
show crypto ca server user-db on-hold      Users without a certificate who are not permitted to enroll

Display Local CA Configuration

To display the characteristics of the configured Local CA, use the show crypto ca server command in
Privileged EXEC mode. The following is a sample show crypto ca server display.

Certificate Server LOCAL-CA-SERVER:
    Status: enabled
    State: enabled
    Server's configuration is locked (enter "shutdown" to unlock it)
    Issuer name: CN=wz5520-1-16
    CA certificate fingerprint/thumbprint: (MD5)
        76dd1439 ac94fdbc 74a0a89f cb815acc
    CA certificate fingerprint/thumbprint: (SHA1)
        58754ffd 9f19f9fd b13b4b02 15b3e4be b70b5a83
    Last certificate issued serial number: 0x6
    CA certificate expiration timer: 14:25:11 UTC Jan 16 2008
    CRL NextUpdate timer: 16:09:55 UTC Jan 24 2007
    Current primary storage dir: flash:

Display Certificate Database

To display a list of all the certificates issued by the Local CA, use the show crypto ca server
cert-db command in Privileged EXEC mode. The following is a sample show crypto ca server cert-db
command display showing just two of the user certificates in the database.

Cisco Security Appliance Command Line Configuration Guide    OL-12172-03    39-31
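From an operations standpoint, the two timers in the show crypto ca server display are the lines worth checking routinely: a CRL whose NextUpdate has passed is useless to relying parties that enforce freshness, and a CA certificate close to expiry invalidates every user certificate it issued. The following Python script is an added example, not code from the Cisco guide. It parses the sample display shown above (embedded as constructed input, with each fingerprint placed on the line after its (MD5)/(SHA1) label, as the device prints it) and reports findings against a reference time. The dictionary key names it produces and the 30-day CA expiry warning threshold are this example's own assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed input for this example: the sample "show crypto ca server" display
# from the guide, with each fingerprint on the line after its (MD5)/(SHA1) label.
SAMPLE_SHOW_OUTPUT = """\
Certificate Server LOCAL-CA-SERVER:
    Status: enabled
    State: enabled
    Server's configuration is locked (enter "shutdown" to unlock it)
    Issuer name: CN=wz5520-1-16
    CA certificate fingerprint/thumbprint: (MD5)
        76dd1439 ac94fdbc 74a0a89f cb815acc
    CA certificate fingerprint/thumbprint: (SHA1)
        58754ffd 9f19f9fd b13b4b02 15b3e4be b70b5a83
    Last certificate issued serial number: 0x6
    CA certificate expiration timer: 14:25:11 UTC Jan 16 2008
    CRL NextUpdate timer: 16:09:55 UTC Jan 24 2007
    Current primary storage dir: flash:
"""

# Timer format used by the display ("14:25:11 UTC Jan 16 2008").
TIMER_FORMAT = "%H:%M:%S UTC %b %d %Y"


def parse_timer(value):
    """Turn a timer string from the display into a timezone-aware UTC datetime."""
    return datetime.strptime(value.strip(), TIMER_FORMAT).replace(tzinfo=timezone.utc)


def parse_show_crypto_ca_server(text):
    """Parse the display into a dict. Key names are this example's own choice:
    'Issuer name' becomes 'issuer_name', the fingerprints become 'fingerprint_md5' /
    'fingerprint_sha1' (spaces removed), the locked-config line becomes 'config_locked'."""
    fields = {}
    pending_fingerprint = None  # set when the previous line was a fingerprint label
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_fingerprint:
            fields[pending_fingerprint] = line.replace(" ", "").lower()
            pending_fingerprint = None
            continue
        label = re.match(r"CA certificate fingerprint/thumbprint: \((\w+)\)$", line)
        if label:
            pending_fingerprint = "fingerprint_" + label.group(1).lower()
        elif line.startswith("Certificate Server "):
            fields["name"] = line[len("Certificate Server "):].rstrip(":")
        elif line.startswith("Server's configuration is locked"):
            fields["config_locked"] = True
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip().lower().replace(" ", "_")] = value.strip()
    return fields


def assess_local_ca(fields, now, ca_expiry_warning=timedelta(days=30)):
    """Return operator findings for the parsed display. 'now' is a datetime or a string
    in TIMER_FORMAT. The 30-day CA expiry warning window is an assumption of this example."""
    if isinstance(now, str):
        now = parse_timer(now)
    findings = []
    if fields.get("status") != "enabled" or fields.get("state") != "enabled":
        findings.append("Local CA is not enabled (status=%s, state=%s)"
                        % (fields.get("status"), fields.get("state")))
    # Relying parties that check CRL freshness reject a CRL whose NextUpdate has passed.
    crl_next = parse_timer(fields["crl_nextupdate_timer"])
    if crl_next <= now:
        findings.append("published CRL is stale: NextUpdate %s has passed" % crl_next.isoformat())
    ca_expiry = parse_timer(fields["ca_certificate_expiration_timer"])
    if ca_expiry <= now:
        findings.append("CA certificate expired at %s" % ca_expiry.isoformat())
    elif ca_expiry - now <= ca_expiry_warning:
        findings.append("CA certificate expires in %d days (%s)"
                        % ((ca_expiry - now).days, ca_expiry.isoformat()))
    return findings


if __name__ == "__main__":
    parsed = parse_show_crypto_ca_server(SAMPLE_SHOW_OUTPUT)
    for key, value in sorted(parsed.items()):
        print("%-38s %s" % (key, value))
    # Reference time chosen so that both timers in the sample trigger a finding.
    for finding in assess_local_ca(parsed, "00:00:00 UTC Jan 01 2008"):
        print("FINDING:", finding)
```

In practice the display text would come from a scheduled CLI collection (for example over SSH) rather than the embedded sample, and the findings would feed a monitoring alert; the fingerprint fields are useful for confirming that the CA certificate distributed to clients matches the one the appliance reports.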
