Cisco ASA 5505 Configuration Manual page 1002

Asa 5500 series

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 46-4
Chapter 46: Configuring Cisco Unified Presence

Information About Cisco Unified Presence

For the TLS handshake, the two entities could validate the peer certificate via a certificate chain to trusted third-party certificate authorities. Both entities enroll with the CAs. The adaptive security appliance as the TLS proxy must be trusted by both entities. The adaptive security appliance is always associated with one of the enterprises. Within that enterprise (Enterprise X in Figure 46-1), the entity and the adaptive security appliance could authenticate each other via a local CA, or by using self-signed certificates.

To establish a trusted relationship between the adaptive security appliance and the remote entity (Entity Y), the adaptive security appliance can enroll with the CA on behalf of Entity X (Cisco UP). In the enrollment request, the Entity X identity (domain name) is used.

Figure 46-3 shows the way to establish the trust relationship. The adaptive security appliance enrolls with the third party CA by using the Cisco UP FQDN as if the adaptive security appliance is the Cisco UP.

Figure 46-3 How the Security Appliance Represents Cisco Unified Presence – Certificate Impersonate
[Figure labels: Cisco UP; ASA; 3rd Party CA; Certificate Authority; Enroll with FQDN of Cisco UP; Certificate; Certificate with Private Key; TLS (Self-signed, or from local CA); Key 1; Inspected and Modified (if needed); Internet; TLS (Cisco UP Certificate); Key 2; Microsoft Presence Server; Access Proxy; LCS/OCS Director]

Security Certificate Exchange Between Cisco UP and the Security Appliance

You need to generate the keypair for the certificate (such as cup_proxy_key) used by the adaptive security appliance, and configure a trustpoint to identify the self-signed certificate sent by the adaptive security appliance to Cisco UP (such as cup_proxy) in the TLS handshake.

For the adaptive security appliance to trust the Cisco UP certificate, you need to create a trustpoint to identify the certificate from the Cisco UP (such as cert_from_cup), and specify the enrollment type as terminal to indicate that you will paste the certificate received from the Cisco UP into the terminal.
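
The certificate exchange described above, written out as the equivalent ASA CLI commands. This is an added example, not text from this ASDM guide page: the names cup_proxy_key, cup_proxy and cert_from_cup are the page's own examples, while the 2048-bit modulus and the subject name are assumed values chosen for illustration.

```cisco
! --- ASA side: key pair and self-signed certificate presented to Cisco UP ---

! Generate the RSA key pair that backs the proxy certificate.
! (modulus 2048 is an assumed value, not taken from the guide page)
crypto key generate rsa label cup_proxy_key modulus 2048

! Trustpoint that identifies the self-signed certificate the ASA
! sends to Cisco UP in the TLS handshake.
crypto ca trustpoint cup_proxy
 enrollment self
 fqdn none
 ! Assumed placeholder subject name; use the name your deployment requires.
 subject-name cn=asa-cup-proxy.example.com
 keypair cup_proxy_key
 exit

! Create the self-signed certificate for the trustpoint.
crypto ca enroll cup_proxy

! Print the certificate in PEM form so it can be imported into the
! Cisco UP trust store. Only the certificate leaves the ASA; the
! private key stays on the appliance.
crypto ca export cup_proxy identity-certificate

! --- ASA side: trust the certificate received from Cisco UP ---

! Trustpoint that identifies the Cisco UP certificate. Enrollment type
! "terminal" means the certificate is pasted into the session.
crypto ca trustpoint cert_from_cup
 enrollment terminal
 exit

! Prompts for the base64 certificate exported from Cisco UP.
! Paste it, then end the input with a line containing only: quit
! Compare the fingerprint the ASA displays against the one shown on
! Cisco UP before accepting the certificate.
crypto ca authenticate cert_from_cup

! --- Verification ---
show crypto ca certificates cup_proxy
show crypto ca certificates cert_from_cup
```

Checking the displayed fingerprint out of band at the authenticate step is what prevents a substituted certificate from being trusted, since terminal enrollment accepts whatever is pasted.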
