Cisco ASA 5505 Configuration Manual page 745

Chapter 35 Configuring Digital Certificates
Click OK when you are done to close the Advanced Options dialog box.
Step 23
Click Add Certificate in the Add Identity Certificate dialog box.
Step 24
The new identity certificate appears in the Identity Certificates list.
Click Apply to save the new identity certificate configuration.
Step 25
Showing Identity Certificate Details
To show detailed information about the selected identity certificate, click Show Details to display the
Certificate Details dialog box, which includes the following three display-only tabs:
•
•
•
Deleting an Identity Certificate
To remove an identity certificate configuration, select it, and then click Delete.
Note
Exporting an Identity Certificate
You can export a certificate configuration with all associated keys and certificates in PKCS12 format,
which is the public key cryptography standard, and can be base64 encoded or in hexadecimal format. A
complete configuration includes the entire chain (root CA certificate, identity certificate, key pair) but
not enrollment settings (subject name, FQDN and so on). This feature is commonly used in a failover or
load-balancing configuration to replicate certificates across a group of adaptive security appliances; for
example, remote access clients calling in to a central organization that has several units to service the
calls. These units must have equivalent certificate configurations. In this case, an administrator can
export a certificate configuration and then import it across the group of adaptive security appliances.
To export an identity certificate, perform the following steps:
Click Export to display the Export Certificate dialog box.
Step 1
Enter the name of the PKCS12 format file to use in exporting the certificate configuration. Alternatively,
Step 2
click Browse to display the Export ID Certificate File dialog box to find the file to which you want to
export the certificate configuration.
Choose the certificate format by clicking the PKCS12 Format radio button or the PEM Format radio
Step 3
button.
OL-20339-01
The General tab displays the values for type, serial number, status, usage, public key type, CRL
distribution point, the times within which the certificate is valid, and associated trustpoints. The
values apply to both available and pending status.
The Issued to tab displays the X.500 fields of the subject DN or certificate owner and their values.
The values apply only to available status.
The Issued by tab displays the X.500 fields of the entity granting the certificate. The values apply
only to available status.
After you delete a certificate configuration, it cannot be restored. To recreate the deleted
certificate, click Add to reenter all of the certificate configuration information.
Configuring Identity Certificates Authentication
Cisco ASA 5500 Series Configuration Guide using ASDM
35-17