Cisco ASA 5505 Configuration Manual page 739

Chapter 35 Configuring Digital Certificates
Showing CA Certificate Details
To show detailed information about the selected CA certificate, click Show Details to display the
Certificate Details dialog box, which includes the following three display-only tabs:
•
•
•
Requesting a CRL
To update the current version of the CRL, click Request CRL. CRL updates provide the current status
of certificate users. If the request fails, an error message appears. The CRL is updated and regenerated
automatically until it expires; clicking Request CRL forces an immediate CRL file update and
regeneration.
Configuring CA Certificates for Revocation
To configure CA certificates for revocation, perform the following steps:
In the Configuration Options for CA Certificates pane, click the Revocation Check tab.
Step 1
To disable revocation checking of certificates, click the Do not check certificates for revocation radio
Step 2
button.
To select one or more revocation checking methods (CRL or OCSP), click the Check certificates for
Step 3
revocation radio button.
In the Revocation Methods area, available methods appear on the left. Click Add to move a method to
Step 4
the right and make it available. Click Move Up or Move Down to change the method order.
The methods you choose are implemented in the order in which you add them. If a method returns an
error, the next revocation checking method activates.
Step 5 Check the Consider certificate valid if revocation checking returns errors check box to ignore
revocation checking errors during certificate validation.
Step 6 Click OK to close the Revocation Check tab. Alternatively, to continue, see the
Retrieval Policy" section on page
Configuring CRL Retrieval Policy
To configure the CRL retrieval policy, perform the following steps:
In the Configuration Options for CA Certificates pane, click the CRL Retrieval Policy tab.
Step 1
OL-20339-01
The General tab displays the values for type, serial number, status, usage, public key type, CRL
distribution point, the times within which the certificate is valid, and associated trustpoints. The
values apply to both available and pending status.
The Issued to tab displays the X.500 fields of the subject DN or certificate owner and their values.
The values apply only to available status.
The Issued by tab displays the X.500 fields of the entity granting the certificate. The values apply
only to available status.
35-11.
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring CA Certificate Authentication
"Configuring CRL
35-11