Cisco ASA 5505 Configuration Manual page 743

Chapter 35 Configuring Digital Certificates
•
•
This section includes the following topics:
•
•
•
•
•
•
Adding or Importing an Identity Certificate
To add or import a new identity certificate configuration, perform the following steps:
In the main ASDM application window, choose Configuration > Remote Access VPN > Certificate
Step 1
Management > Identity Certificates.
Click Add.
Step 2
The Add Identity Certificate dialog box appears, with the selected trustpoint name displayed at the top.
To import an identity certificate from an existing file, click the Import the identity certificate from a
Step 3
file radio button.
Enter the passphrase used to decrypt the PKCS12 file.
Step 4
Enter the path name of the file, or click Browse to display the Import ID Certificate File dialog box. Find
Step 5
the certificate file, and then click Import ID Certificate File.
To add a new identity certificate, click the Add a new identity certificate radio button.
Step 6
Click New to display the Add Key Pair dialog box.
Step 7
To use the default key pair name, click the Use default keypair name radio button.
Step 8
To use a new key pair name, click the Enter a new key pair name radio button, and type the new name.
Step 9
The adaptive security appliance supports multiple key pairs.
Choose the modulus size from the drop-down list.
Step 10
Choose the key pair usage by clicking the General purpose radio button (default) or Special radio
Step 11
button. When you choose the Special radio button, the adaptive security appliance generates two key
pairs, one for signature use and one for encryption use. This selection indicates that two certificates are
required for the corresponding identity.
Step 12 Click Generate Now to create new key pairs, and then click Show to display the Key Pair Details dialog
box, which includes the following display-only information:
•
•
•
•
•
OL-20339-01
Install an existing identity certificate.
Enroll for an identity certificate with Entrust.
Adding or Importing an Identity Certificate, page 35-15
Showing Identity Certificate Details, page 35-17
Deleting an Identity Certificate, page 35-17
Exporting an Identity Certificate, page 35-17
Generating a Certificate Signing Request, page 35-18
Installing Identity Certificates, page 35-19
The name of the key pair whose public key is to be certified.
The time of day and the date when the key pair is generated.
The usage of an RSA key pair.
The modulus size (bits) of the key pairs: 512, 768, 1024, and 2048. The default is 1024.
The key data, which includes the specific key data in text format.
Configuring Identity Certificates Authentication
Cisco ASA 5500 Series Configuration Guide using ASDM
35-15