Exporting And Importing Trustpoints - Cisco FirePOWER ASA 5500 series Configuration Manual

Certificate Configuration

where n is the number of minutes. For example, to specify that CRLs should be cached for seven hours, enter the following command.

hostname/contexta(config-ca-crl)# cache-time 420

Step 8  Configure whether the security appliance requires the NextUpdate field in CRLs. For more information about how the security appliance uses the NextUpdate field, see the "About CRLs" section on page 39-3.

Do one of the following:

• To require the NextUpdate field, enter the enforcenextupdate command. This is the default setting.
• To allow the NextUpdate field to be absent in CRLs, enter the no enforcenextupdate command.

Step 9  If you specified LDAP as the retrieval protocol, perform the following steps:

a. Enter the following command to identify the LDAP server to the security appliance:

hostname/contexta(config-ca-crl)# ldap-defaults server

You can specify the server by DNS hostname or by IP address. You can also provide a port number if the server listens for LDAP queries on a port other than the default of 389. For example, the following command configures the security appliance to retrieve CRLs from an LDAP server whose hostname is ldap1.

hostname/contexta(config-ca-crl)# ldap-defaults ldap1

Note  If you use a hostname rather than an IP address to specify the LDAP server, be sure you have configured the security appliance to use DNS. For information about configuring DNS, see the dns commands in the Cisco Security Appliance Command Reference.

b. If the LDAP server requires credentials to permit CRL retrieval, enter the following command:

hostname/contexta(config-ca-crl)# ldap-dn admin-DN password

For example:

hostname/contexta(config-ca-crl)# ldap-dn cn=admin,ou=devtest,o=engineering c00lRunZ

Step 10  To test the CRL configuration for the current trustpoint, use the crypto ca crl request command. This command retrieves the current CRL from the CA represented by the trustpoint you specify.

Step 11  Save the running configuration. Enter the write memory command.

Exporting and Importing Trustpoints

You can export and import keypairs and issued certificates associated with a trustpoint configuration. The security appliance supports PKCS12 format for the export and import of trustpoints.

This section includes the following topics:

• Exporting a Trustpoint Configuration, page 39-15
• Importing a Trustpoint Configuration, page 39-15

Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
39-14
Chapter 39  Configuring Certificates
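The CRL steps of the procedure above (cache time, NextUpdate enforcement, LDAP retrieval, test, save) assembled into one ASA CLI session. This is an added example, not text from the Cisco guide; the trustpoint name CA-CRL-TP, the LDAP address 192.0.2.10, the port 10389 and the bind DN are assumed values, and the crypto ca trustpoint, crl configure and protocol ldap commands come from earlier steps of the procedure that are not on this page.

```cisco
! Added example: CRL checking for an existing trustpoint (assumed name CA-CRL-TP).
! "crypto ca trustpoint", "crl configure" and "protocol ldap" belong to earlier
! steps of this procedure and are not shown on this page.
hostname/contexta(config)# crypto ca trustpoint CA-CRL-TP
hostname/contexta(config-ca-trustpoint)# crl configure
!
! Retrieval protocol chosen earlier; Step 9 applies only when it is LDAP.
hostname/contexta(config-ca-crl)# protocol ldap
!
! Cache the downloaded CRL for seven hours (the argument is in minutes).
hostname/contexta(config-ca-crl)# cache-time 420
!
! Keep the default: require the NextUpdate field, so every cached CRL carries
! an expiry the appliance can check. "no enforcenextupdate" would accept CRLs
! that have no such field.
hostname/contexta(config-ca-crl)# enforcenextupdate
!
! Step 9a: identify the LDAP server. An IP address (assumed 192.0.2.10) avoids
! a DNS dependency; with a hostname, DNS must be configured on the appliance.
! The port is given only because it differs from the default of 389 (assumed 10389).
hostname/contexta(config-ca-crl)# ldap-defaults 192.0.2.10 10389
!
! Step 9b: bind credentials, only if the directory requires them for CRL
! retrieval. Use a read-only directory account; <password> is a placeholder.
hostname/contexta(config-ca-crl)# ldap-dn cn=crlreader,ou=pki,o=example <password>
hostname/contexta(config-ca-crl)# exit
hostname/contexta(config-ca-trustpoint)# exit
!
! Step 10: fetch the CRL now to confirm server reachability, credentials and
! that the CRL satisfies the NextUpdate requirement before relying on it.
hostname/contexta(config)# crypto ca crl request CA-CRL-TP
!
! Step 11: persist the configuration.
hostname/contexta(config)# write memory
```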