Obtaining Certificates Manually - Cisco FirePOWER ASA 5500 series Configuration Manual

Chapter 39
Configuring Certificates
Step 4 Verify that the enrollment process was successful using the show crypto ca certificate command. For
example, to show the certificate received from trustpoint Main:
hostname/contexta(config)# show crypto ca certificate Main
The output of this command shows the details of the certificate issued for the security appliance and the
CA certificate for the trustpoint.
Step 5 Save the configuration using the write memory command:
hostname/contexta(config)# write memory

Obtaining Certificates Manually

This procedure provides steps for configuring certificates using manual certificate requests. Repeat these
steps for each trustpoint you configure for manual enrollment. When you have completed this procedure,
the security appliance will have received a CA certificate for the trustpoint and one or two certificates
for signing and encryption purposes. If you use general-purpose RSA keys, the certificate received is for
signing and encryption. If you use separate RSA keys for signing and encryption, the certificates
received are used for each purpose exclusively.
Note: Whether a trustpoint requires that you manually obtain certificates is determined by the use of the
enrollment terminal command when you configure the trustpoint (see the "Configuring Trustpoints"
section on page 39-7).

To obtain certificates manually, perform the following steps:

Step 1 Obtain a base-64 encoded CA certificate from the CA represented by the trustpoint.
Step 2 Import the CA certificate. To do so, use the crypto ca authenticate command. The following example
shows a CA certificate request for the trustpoint Main.
hostname (config)# crypto ca authenticate Main
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
MIIDRTCCAu+gAwIBAgIQKVcqP/KW74VP0NZzL+JbRTANBgkqhkiG9w0BAQUFADCB
[ certificate data omitted ]
/7QEM8izy0EOTSErKu7Nd76jwf5e4qttkQ==
quit
INFO: Certificate has the following attributes:
Fingerprint: 24b81433 409b3fd5 e5431699 8d490d34
Do you accept this certificate? [yes/no]: y
Trustpoint CA certificate accepted.
% Certificate successfully imported
hostname (config)#
Step 3 Generate a certificate request. To do so, use the crypto ca enroll command. The following example
shows a certificate and encryption key request for the trustpoint Main, which is configured to use manual
enrollment and general-purpose RSA keys for signing and encryption.
hostname (config)# crypto ca enroll Main
% Start certificate enrollment ..

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
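Before answering yes at the "Do you accept this certificate?" prompt in Step 2, the fingerprint the appliance prints can be compared with one computed independently from the CA's base-64 file. The following is an added example, not part of the Cisco guide; it assumes the 128-bit fingerprint shown is the MD5 digest of the DER-encoded certificate, and the function names and the sample blob are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

def pasted_text_to_der(text: str) -> bytes:
    """Decode certificate text as it would be pasted at 'crypto ca authenticate'."""
    body = []
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "quit":                 # terminator accepted by the prompt
            break
        if not line or line.startswith("-----"):   # blank lines and PEM armor
            continue
        body.append(line)
    # validate=True rejects stray characters instead of silently skipping them
    return base64.b64decode("".join(body), validate=True)

def asa_fingerprint(der: bytes) -> str:
    """Format the digest like the prompt: four groups of eight hex digits."""
    digest = hashlib.md5(der).hexdigest()  # assumption: displayed value is MD5 of DER
    return " ".join(digest[i:i + 8] for i in range(0, 32, 8))

def normalize(fp: str) -> str:
    """Drop separators and case so differently formatted values compare equal."""
    hexonly = re.sub(r"[\s:.-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{32}", hexonly):
        raise ValueError("expected a 128-bit fingerprint (32 hex digits)")
    return hexonly

def fingerprint_matches(pasted_cert: str, trusted_fp: str) -> bool:
    """True only if the certificate text hashes to the out-of-band fingerprint."""
    computed = normalize(asa_fingerprint(pasted_text_to_der(pasted_cert)))
    return hmac.compare_digest(computed, normalize(trusted_fp))

# Constructed sample: arbitrary bytes in PEM armor, NOT a real certificate.
SAMPLE = ("-----BEGIN CERTIFICATE-----\n"
          "Y29uc3RydWN0ZWQgc2FtcGxlIGJ5dGVzLCBub3QgYSByZWFsIGNlcnRpZmljYXRl\n"
          "-----END CERTIFICATE-----\nquit\n")

if __name__ == "__main__":
    print("Fingerprint:", asa_fingerprint(pasted_text_to_der(SAMPLE)))
```

Take trusted_fp from the CA over a separate channel from the one that delivered the certificate file, and answer yes only when the value printed by the appliance equals it.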
