Cisco ASA Series Cli Configuration Manual page 949

Chapter 1 Configuring Digital Certificates
Command
Step 15
revocation check
Example:
hostname/contexta(config-ca-trustpoint)# revocation
check
Step 16
subject-name X.500 name
Example:
hostname/contexta(config-ca-trustpoint)# myname
X.500 examplename
Step 17
serial-number
Example:
hostname/contexta(config-ca-trustpoint)# serial
number JMX1213L2A7
Step 18
write memory
Example:
hostname/contexta(config)# write memory
Configuring CRLs for a Trustpoint
To use mandatory or optional CRL checking during certificate authentication, you must configure CRLs
for each trustpoint. To configure CRLs for a trustpoint, perform the following steps:
Command
Step 1
crypto ca trustpoint trustpoint-name
Example:
hostname (config)# crypto ca trustpoint Main
Step 2
crl configure
Example:
hostname (config-ca-trustpoint)# crl configure
Step 3
Do one of the following:
Configuring Digital Certificates
Purpose
Sets one or more methods for revocation checking:
CRL, OCSP, and none.
During enrollment, asks the CA to include the
specified subject DN in the certificate. If a DN string
includes a comma, enclose the value string within
double quotes (for example, O="Company, Inc.").
During enrollment, asks the CA to include the ASA
serial number in the certificate.
Saves the running configuration.
Purpose
Enters crypto ca trustpoint configuration mode for
the trustpoint whose CRL configuration you want to
modify.
Note
Make sure that you have enabled CRLs
before entering this command. In addition,
the CRL must be available for authentication
to succeed.
Enters crl configuration mode for the current
trustpoint.
Tip
To set all CRL configuration parameters to
default values, use the default command. At
any time during CRL configuration, reenter
this command to restart the procedure.
Cisco ASA Series CLI Configuration Guide
1-13