Cisco ASA Series Cli Configuration Manual page 945
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring Digital Certificates
•
•
•
Configuring Digital Certificates
This section describes how to configure local CA certificates. Make sure that you follow the sequence
of tasks listed to correctly configure this type of digital certificate. This section includes the following
topics:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
The ASA and the AnyConnect clients can only validate certificates in which the X520Serialnumber
field (the serial number in the Subject Name) is in PrintableString format. If the serial number
format uses encoding such as UTF8, the certificate authorization will fail.
Use only valid characters and values for the certificate parameters when you import them on the
ASA.
To use a wildcard (*) symbol, make sure that you use encoding on the CA server that allows this
character in the string value. Although RFC 5280 recommends using either a UTF8String or
PrintableString, you should use UTF8String because PrintableString does not recognize the
wildcard as a valid character. The ASA rejects the imported certificate if an invalid character or
value is found during the import. For example:
ERROR: Failed to parse or verify imported certificate ciscoasa(config)# Read
162*H÷ytes as CA certificate:0U0= \Ivr"phÕV°3é¼þ0 CRYPTO_PKI(make trustedCerts list)
CERT-C: E ../cert-c/source/certlist.c(302) : Error #711h
CRYPTO_PKI: Failed to verify the ID certificate using the CA certificate in trustpoint
mm.
CERT-C: E ../cert-c/source/p7contnt.c(169) : Error #703h
crypto_certc_pkcs7_extract_certs_and_crls failed (1795):
crypto_certc_pkcs7_extract_certs_and_crls failed
CRYPTO_PKI: status = 1795: failed to verify or insert the cert into storage
Configuring Key Pairs, page 1-10
Removing Key Pairs, page 1-10
Configuring Trustpoints, page 1-11
Configuring CRLs for a Trustpoint, page 1-13
Exporting a Trustpoint Configuration, page 1-15
Importing a Trustpoint Configuration, page 1-16
Configuring CA Certificate Map Rules, page 1-17
Obtaining Certificates Manually, page 1-18
Obtaining Certificates Automatically with SCEP, page 1-20
Configuring Proxy Support for SCEP Requests, page 1-21
Enabling the Local CA Server, page 1-22
Configuring the Local CA Server, page 1-23
Customizing the Local CA Server, page 1-25
Debugging the Local CA Server, page 1-26
Disabling the Local CA Server, page 1-26
Deleting the Local CA Server, page 1-26
Configuring Local CA Certificate Characteristics, page 1-27
Configuring Digital Certificates
Cisco ASA Series CLI Configuration Guide
1-9
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
