Cisco FirePOWER ASA 5500 series Configuration Manual page 766

Security appliance command line

Certificate Configuration
To configure a CA certificate map rule, perform the following steps:
Step 1
Enter CA certificate map configuration mode for the rule you want to configure. To do so, enter the
crypto ca certificate map command and specify the rule index number. The following example
enters CA certificate map mode for the rule with index number 1.
hostname(config)# crypto ca certificate map 1
hostname(config-ca-cert-map)#
Step 2
Use the issuer-name and subject-name commands to configure the rule. These commands specify tests
that the security appliance can apply to values found in the Issuer or Subject fields of certificates. The
tests can apply to specific attributes or to the whole of the Issuer or Subject fields. You can configure
many tests per rule, and all the tests you specify with these commands must be true for a rule to match
a certificate. Valid operators in the issuer-name and subject-name commands are as follows.
Operator   Meaning
eq         The field or attribute must be identical to the value given.
ne         The field or attribute cannot be identical to the value given.
co         Part or all of the field or attribute must match the value given.
nc         No part of the field or attribute can match the value given.
For more information about the issuer-name and subject-name commands, see the Cisco Security
Appliance Command Reference.
The following example specifies that any attribute within the Issuer field must contain the string cisco.
hostname(config-ca-cert-map)# issuer-name co cisco
hostname(config-ca-cert-map)#
The following example specifies that within the Subject field an Organizational Unit attribute must
exactly match the string Engineering.
hostname(config-ca-cert-map)# subject-name attr ou eq Engineering
hostname(config-ca-cert-map)#
Map rules appear in the output of the show running-config command.
crypto ca certificate map 1
 issuer-name co cisco
 subject-name attr ou eq Engineering
Step 3
When you have finished configuring the map rule, save your work. Enter the write memory command.
Cisco Security Appliance Command Line Configuration Guide
Chapter 39 Configuring Certificates
39-16
OL-10088-01