Cisco ASA Series CLI Configuration Manual page 951

Software version 9.0 for the services module

Chapter 1
Configuring Digital Certificates
Step 8
Command: ldap-defaults server
Example:
hostname(config-ca-crl)# ldap-defaults ldap1
Purpose: Identifies the LDAP server to the ASA if LDAP is specified as the retrieval protocol. You can specify the server by DNS hostname or by IP address. You can also provide a port number if the server listens for LDAP queries on a port other than the default of 389.
Note: If you use a hostname instead of an IP address to specify the LDAP server, make sure that you have configured the ASA to use DNS.

Step 9
Command: ldap-dn admin-DN password
Example:
hostname(config-ca-crl)# ldap-dn cn=admin,ou=devtest,o=engineering c00lRunZ
Purpose: Allows CRL retrieval if the LDAP server requires credentials.

Step 10
Command: crypto ca crl request trustpoint
Example:
hostname(config-ca-crl)# crypto ca crl request Main
Purpose: Retrieves the current CRL from the CA represented by the specified trustpoint and tests the CRL configuration for the current trustpoint.

Step 11
Command: write memory
Example:
hostname(config)# write memory
Purpose: Saves the running configuration.

Exporting a Trustpoint Configuration
To export a trustpoint configuration, enter the following command:

Command: crypto ca export trustpoint
Example:
hostname(config)# crypto ca export Main
Purpose: Exports a trustpoint configuration with all associated keys and certificates in PKCS12 format. The ASA displays the PKCS12 data in the terminal. You can copy the data. The trustpoint data is password protected; however, if you save the trustpoint data in a file, make sure that the file is in a secure location.

Examples
The following example exports PKCS12 data for the trustpoint Main with the passphrase Wh0zits:
hostname(config)# crypto ca export Main pkcs12 Wh0zits
Exported pkcs12 follows:
[ PKCS12 data omitted ]
---End - This line not part of the pkcs12---

Cisco ASA Series CLI Configuration Guide
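
Added example (not part of the Cisco guide): the ldap-dn and crypto ca export ... pkcs12 commands above take a secret as their last argument, and the export prints the PKCS12 data to the terminal, so a saved session transcript of this procedure holds credentials and key material. The Python sketch below redacts all three before a transcript is stored or shared; the function name redact_transcript and the sample transcript are assumptions constructed from the page's example values.

```python
import re

# Commands from this page whose last argument is a secret.
LDAP_DN = re.compile(r"^(?P<head>[^#]*#\s*ldap-dn\s+.*\S)\s+\S+\s*$")
EXPORT = re.compile(
    r"^(?P<head>[^#]*#\s*crypto\s+ca\s+export\s+\S+\s+pkcs12)\s+\S+\s*$")
# Lines shown on this page around the exported data.
BLOB_START = "Exported pkcs12 follows:"
BLOB_END = "This line not part of the pkcs12"

# Constructed transcript using the page's example values; the blob is a placeholder.
SAMPLE = """hostname(config-ca-crl)# ldap-defaults ldap1
hostname(config-ca-crl)# ldap-dn
cn=admin,ou=devtest,o=engineering c00lRunZ
hostname(config-ca-crl)# crypto ca crl request Main
hostname(config)# crypto ca export Main pkcs12 Wh0zits
Exported pkcs12 follows:
CONSTRUCTED-PLACEHOLDER-NOT-REAL-KEY-MATERIAL
---End - This line not part of the pkcs12---
"""


def redact_transcript(text):
    """Return (redacted_text, findings) for an ASA CLI session transcript."""
    # Rejoin an ldap-dn command that the terminal wrapped onto the next line.
    text = re.sub(r"(#\s*ldap-dn)[ \t]*\n[ \t]*(?=\S)", r"\1 ", text)
    out, findings, in_blob = [], [], False
    for line in text.splitlines():
        if in_blob:
            if BLOB_END in line:  # keep the end marker, leave blob mode
                in_blob = False
                out.append(line)
            continue  # drop every line of exported key material
        for name, rx in (("ldap-dn", LDAP_DN), ("crypto ca export", EXPORT)):
            m = rx.match(line)
            if m:
                line = m.group("head") + " <redacted>"
                findings.append(name)
                break
        out.append(line)
        if line.strip() == BLOB_START:
            out.append("[pkcs12 data redacted]")
            findings.append("pkcs12 blob")
            in_blob = True
    return "\n".join(out), findings


if __name__ == "__main__":
    redacted, found = redact_transcript(SAMPLE)
    print(redacted)
    print("redacted:", found)
```

A command without a trailing secret, such as crypto ca export Main on its own, passes through unchanged.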
