Adding and Enrolling Users - Cisco PIX 500 Series Configuration Manual

Chapter 39
Configuring Certificates
OL-12172-03

Command | Description
--- | ---
crypto ca server user-db add | Adds a user to the Local CA server user database.
crypto ca server user-db email-otp | E-mails the one-time password to a specific user or to a subset of users in the Local CA server database.
crypto ca server user-db show-otp | Displays the one-time password for a specific user or a subset of users in the Local CA server database.

Adding and Enrolling Users

Both the crypto ca server user-db add command and the crypto ca server user-db allow command are used to add and allow new Local CA users. To add a user who is eligible for enrollment to the Local CA database, perform the following steps:

Step 1  Add a new user with the following CLI commands:

hostname(config)#
hostname(config-ca-server)# crypto ca server user-db add username [dn dn] [email emailaddress]
hostname(config-ca-server)#

where the options are as follows:

username—A string from 4-64 characters, the simple user name for the user being added. The username can be an e-mail address, which then is used to contact the user as necessary for enrollment invitations.

dn—Distinguished name, a global, authoritative name of an entry in the OSI Directory (X.500), for example, cn=maryjane@ASC.com, cn=Engineer, o=ASC Systems, c=US. For details, see Customizing the Local CA Server.

e-mail-address—The e-mail address of the new user where OTPs and notices are to be sent.

Step 2  Provide user privileges to an added user with the following command:

hostname(config)#
hostname(config-ca-server)# crypto ca server user-db allow user6
hostname(config-ca-server)#

Step 3  Notify a user in the Local CA database to enroll and download a user certificate with the crypto ca server user-db email-otp command, which automatically e-mails the one-time password to that user.

hostname(config)#
hostname(config-ca-server)# crypto ca server user-db email-otp username
hostname(config-ca-server)#

If the e-mail address is specified in the crypto ca server user-db add command, the e-mail is sent either as part of the crypto ca server user-db allow command or afterwards by using the crypto ca server user-db email-otp command. When an administrator wants to be able to notify a user by means of e-mail, the e-mail address must be specified as the username or in the e-mail field when adding the user. Once a user is added with a valid e-mail address, the administrator has a choice of either crypto ca server user-db allow username email-otp, or crypto ca server user-db allow username and crypto ca server user-db email-otp username.
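An added example, not part of the Cisco guide: a Python pre-check that turns a user list into the add and allow commands of the procedure above, enforcing the 4-64 character username rule and choosing allow username email-otp only when an address is on file. The e-mail pattern, the rejection of whitespace and control characters, and the sample users are assumptions of this example.

```python
import re

# Loose address shape check: an assumption of this example, not the appliance's own rule.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PREFIX = "crypto ca server user-db"

def plan_user(username, email=None):
    """Return (commands, can_email) for one Local CA user."""
    if not 4 <= len(username) <= 64:
        raise ValueError(f"username must be 4-64 characters: {username!r}")
    for field in (username, email or ""):
        # Whitespace or control characters would split into extra CLI tokens or lines.
        if any(c.isspace() or not c.isprintable() for c in field):
            raise ValueError(f"whitespace/control character in {field!r}")
    if email is not None and not EMAIL_RE.match(email):
        raise ValueError(f"not an e-mail address: {email!r}")
    # The OTP can be mailed only if the username or the e-mail field holds an address.
    can_email = email is not None or bool(EMAIL_RE.match(username))
    add = f"{PREFIX} add {username}" + (f" email {email}" if email else "")
    allow = f"{PREFIX} allow {username}" + (" email-otp" if can_email else "")
    return [add, allow], can_email

def plan_batch(rows):
    """rows: iterable of (username, email-or-None). Returns (commands, no_email, rejected)."""
    commands, no_email, rejected = [], [], []
    for username, email in rows:
        try:
            cmds, can_email = plan_user(username, email)
        except ValueError as exc:
            rejected.append((username, str(exc)))
            continue
        commands += cmds
        if not can_email:
            no_email.append(username)
    return commands, no_email, rejected

# Constructed sample input; none of these users come from the manual.
SAMPLE = [
    ("jdoe@example.com", None),        # username doubles as the address
    ("asmith", "asmith@example.com"),  # address given in the e-mail field
    ("bwong", None),                   # no address: the OTP cannot be e-mailed
    ("bob", None),                     # too short (3 characters)
    ("carol\nshow version", None),     # embedded newline must not reach the CLI
]

if __name__ == "__main__":
    commands, no_email, rejected = plan_batch(SAMPLE)
    print("\n".join(commands), no_email, rejected, sep="\n")
```

Users returned in no_email were allowed without email-otp, so their one-time password has to be read with crypto ca server user-db show-otp and passed on by another channel.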
Cisco Security Appliance Command Line Configuration Guide
The Local CA
39-29
This manual is also suitable for: ASA 5500 series