Cisco ASA Series Cli Configuration Manual page 960

Configuring Digital Certificates
Command
Step 3
subject-name-default dn
Example:
hostname (config-ca-server)# subject-name-default
cn=engineer, o=asc systems, c="US"
Step 4
no shutdown
Example:
hostname (config-ca-server)# no shutdown
Examples
The following example shows how to configure and enable the local CA server using the predefined
default values for all required parameters:
hostname (config)# crypto ca server
hostname (config-ca-server) # smtp from-address SecurityAdmin@example.com
hostname (config-ca-server)# subject-name-default cn=engineer, o=asc Systems, c=US
hostname (config-ca-server)# no shutdown
Cisco ASA Series CLI Configuration Guide
1-24
Chapter 1 Configuring Digital Certificates
Purpose
(Optional) Specifies the subject-name DN that is
appended to each username on issued certificates.
The subject-name DN and the username combine to
form the DN in all user certificates that are issued by
the local CA server. If you do not specify a
subject-name DN, you must specify the exact subject
name DN to be included in a user certificate each
time that you add a user to the user database.
Note
Make sure that you review all optional
parameters carefully before you enable the
configured local CA, because you cannot
change issuer-name and keysize server values
after you enable the local CA for the first
time.
Creates the self-signed certificate and associates it
with the local CA on the ASA. The self-signed
certificate key usage extension has key encryption,
key signature, CRL signing, and certificate signing
capabilities.
Note
After the self-signed local CA certificate has
been generated, to change any characteristics,
you must delete the existing local CA server
and completely recreate it.
The local CA server keeps track of user certificates,
so the administrator can revoke or restore privileges
as needed.