Cisco ASA Series Cli Configuration Manual page 969

Software version 9.0 for the services module

Chapter 1
Configuring Digital Certificates
Downloading CRLs
To make the CRL available for HTTP download on a given interface or port, perform the following
commands:
Step 1
Command: crypto ca server
Example:
hostname (config)# crypto ca server
Purpose: Enters local CA server configuration mode. Allows you to configure and manage a local CA.

Step 2
Command: publish-crl interface interface port portnumber
Example:
hostname (config-ca-server)# publish-crl outside 70
Purpose: Opens a port on an interface to make the CRL accessible from that interface. The specified interface and port are used to listen for incoming requests for the CRL. The interface and optional port selections are as follows:
inside—Name of interface/GigabitEthernet0/1
management—Name of interface/Management0/0
outside—Name of interface/GigabitEthernet0/0
Port numbers can range from 1-65535. TCP port 80 is the HTTP default port number.

Note: If you do not specify this command, the CRL is not accessible from the CDP location, because this command is required to open an interface to download the CRL file.

The CDP URL can be configured to use the IP address of an interface, and the path of the CDP URL and the filename can also be configured (for example, http://10.10.10.100/user8/my_crl_file). In this case, only the interface with that IP address configured listens for CRL requests, and when a request comes in, the ASA matches the path, /user8/my_crl_file to the configured CDP URL. When the path matches, the ASA returns the stored CRL file.

Note: The protocol must be HTTP, so the prefix displayed is http://.
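The following is an added example, not part of the Cisco guide: a small offline audit that checks whether the CDP URL and the publish-crl listener described above agree on scheme, interface address, and port. The sample configuration is constructed; it assumes the CDP URL is set with a cdp-url line under crypto ca server, that the URL uses an interface IP address literal, and that publish-crl listens on port 80 when no port is given.

```python
from urllib.parse import urlsplit

# Constructed sample configuration (not from the guide). The cdp-url value is
# the guide's example URL; the interface addressing is an assumption.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 10.10.10.100 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
crypto ca server
 cdp-url http://10.10.10.100/user8/my_crl_file
 publish-crl outside 70
"""

def audit_crl_publishing(config):
    """Return reasons why clients following the CDP URL would not get the CRL."""
    nameif_ip, nameif, cdp_url, listeners = {}, None, None, []
    for words in (line.split() for line in config.splitlines()):
        if not words:
            continue
        if words[0] == "interface":
            nameif = None                      # new interface block
        elif words[0] == "nameif" and len(words) > 1:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif and len(words) > 2:
            nameif_ip[nameif] = words[2]
        elif words[0] == "cdp-url" and len(words) > 1:
            cdp_url = urlsplit(words[1])
        elif words[0] == "publish-crl" and len(words) > 1:
            # Port is optional; assume the HTTP default (80) when omitted.
            listeners.append((words[1], int(words[2]) if len(words) > 2 else 80))
    if cdp_url is None:
        return ["no cdp-url configured"]
    findings = []
    if cdp_url.scheme != "http":
        findings.append(f"CDP URL scheme is {cdp_url.scheme!r}; it must be http")
    if not listeners:
        findings.append("publish-crl missing: no interface is open for CRL download")
    for name, port in listeners:
        if not 1 <= port <= 65535:
            findings.append(f"publish-crl {name}: port {port} outside 1-65535")
    want = (cdp_url.hostname, cdp_url.port or 80)
    if listeners and not any((nameif_ip.get(n), p) == want for n, p in listeners):
        findings.append(f"no publish-crl listener at {want[0]}:{want[1]}")
    return findings

if __name__ == "__main__":
    for finding in audit_crl_publishing(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

In the constructed sample the CRL is published on port 70 while the CDP URL carries no port, so clients would try port 80 and fail to retrieve the CRL; the audit reports that mismatch.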
Cisco ASA Series CLI Configuration Guide
1-33
