Local CA Server Maintenance and Backup Procedures; Maintaining the Local CA User Database; Maintaining the Local CA Certificate Database - Cisco PIX 500 Series Configuration Manual

Security appliance command line

The Local CA
dn: <None>
allowed: <not allowed>
notified: 0
hostname (config)#
Local CA Server Maintenance and Backup Procedures
The stored Local CA Server configuration, users, issued certificates, CRL, and so on reside in the Local CA database, which is held in flash memory or in file-system storage, depending on how you configure storage. The following subsections describe database maintenance procedures.
Maintaining the Local CA User Database
Each time the security appliance configuration is saved (with the write memory command), all user information in the Local CA Server database is saved automatically to the file specified by the database path command, if you set up file storage external to the security appliance. For example, if you set up file storage using the following commands:
hostname(config)# crypto ca server
hostname(config-ca-server)# database path mydata:newuser
hostname(config-ca-server)#
User database information is saved from the security appliance to mydata /newuser every time you save the security appliance configuration.
Note: For flash memory database storage, the user information is saved automatically to the default location for the start-up configuration.
Maintaining the Local CA Certificate Database
The certificate database file, LOCAL-CA-SERVER.cdb, is to be saved any time there is a change in the database.
The Local CA files can be seen on the flash memory or in external storage as follows:
hostname(config-ca-server)# dir LOCAL* //
Directory of disk0:/LOCAL*

75  -rwx  32    13:07:49 Jan 20 2007  LOCAL-CA-SERVER.ser
77  -rwx  229   13:07:49 Jan 20 2007  LOCAL-CA-SERVER.cdb
69  -rwx  0     01:09:28 Jan 20 2007  LOCAL-CA-SERVER.udb
81  -rwx  232   19:09:10 Jan 20 2007  LOCAL-CA-SERVER.crl
72  -rwx  1603  01:09:28 Jan 20 2007  LOCAL-CA-SERVER.p12

127119360 bytes total (79693824 bytes free)
hostname (config-ca-server)#
LOCAL-CA-SERVER.p12 is the archive of the Local CA certificate and keypair generated when the Local CA server is initially enabled with the no shutdown command.
The LOCAL-CA-SERVER.crl file is the actual CRL.
The LOCAL-CA-SERVER.ser file is used to keep track of the issued certificate serial numbers.
Cisco Security Appliance Command Line Configuration Guide
39-34
Chapter 39
Configuring Certificates
OL-12172-03
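Added example, not part of the Cisco manual: a Python check that parses a captured dir LOCAL* listing and confirms the Local CA file set named on this page is complete before the files are copied to backup storage. The function names, the rule that four of the files must be non-empty, and the .ser/.cdb timestamp comparison are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: the `dir LOCAL*` listing shown on this page, one entry per line.
SAMPLE_DIR = """\
Directory of disk0:/LOCAL*

75  -rwx  32    13:07:49 Jan 20 2007  LOCAL-CA-SERVER.ser
77  -rwx  229   13:07:49 Jan 20 2007  LOCAL-CA-SERVER.cdb
69  -rwx  0     01:09:28 Jan 20 2007  LOCAL-CA-SERVER.udb
81  -rwx  232   19:09:10 Jan 20 2007  LOCAL-CA-SERVER.crl
72  -rwx  1603  01:09:28 Jan 20 2007  LOCAL-CA-SERVER.p12

127119360 bytes total (79693824 bytes free)
"""

# Fields: index, permissions, size, "HH:MM:SS Mon DD YYYY", file name
ENTRY = re.compile(r"^\s*\d+\s+\S+\s+(\d+)\s+(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})\s+(\S+)\s*$")
# Assumption: on an enabled Local CA these four are never empty; the page's
# own listing shows a 0-byte .udb, so that file is only required to exist.
NON_EMPTY = (".p12", ".cdb", ".ser", ".crl")
ALL_FILES = NON_EMPTY + (".udb",)

def parse_dir(text):
    """Map each listed file name to (size_in_bytes, modification_time)."""
    files = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            size, stamp, name = m.groups()
            files[name] = (int(size), datetime.strptime(stamp, "%H:%M:%S %b %d %Y"))
    return files

def check_backup_set(files, prefix="LOCAL-CA-SERVER"):
    """Return findings that should block a backup of the Local CA file set."""
    findings = []
    for ext in ALL_FILES:
        name = prefix + ext
        if name not in files:
            findings.append(f"missing: {name}")
        elif ext in NON_EMPTY and files[name][0] == 0:
            findings.append(f"empty: {name}")
    ser, cdb = files.get(prefix + ".ser"), files.get(prefix + ".cdb")
    # Heuristic (assumption): serial numbers advanced after the last .cdb save.
    if ser and cdb and ser[1] > cdb[1]:
        findings.append(f"stale: {prefix}.cdb is older than {prefix}.ser")
    return findings

if __name__ == "__main__":
    print(check_backup_set(parse_dir(SAMPLE_DIR)) or "Local CA file set complete")
```

Because LOCAL-CA-SERVER.p12 holds the CA keypair, a backup that lacks it cannot restore the CA, and any copy of it needs the same protection as the appliance itself.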


This manual is also suitable for:

ASA 5500 series
