Chapter 12
Configuring Certificates
CRL Distribution Points:
Validity Date:
Associated Trustpoints: newton
CA Certificate
Status: Available
Certificate Serial Number: 5b7759c61784e15ec727c0329529286b
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
Issuer Name:
Subject Name:
CRL Distribution Points:
Validity Date:
Associated Trustpoints: newton
Linking Certificates to a Trustpoint
After you have imported the third-party certificate. you must link it to the trustpoint, which allows you
to communicate with multiple clients.
To display the name of the trustpoint, which has the same name (newton) as was used during import of
the third-party certificate, enter the following command:
hostname (config)# show run ssl
ssl trust-point newton
Configuration Example: Cut-Through-Proxy Authentication
To configure an FWSM for cut-through-proxy authentication, enter the following commands:
hostname(config)# access-list FWACL extended permit tcp any any eq ftp
access-list FWACL extended permit tcp any any eq telnet
access-list FWACL extended permit tcp any any eq www
access-list FWACL extended permit tcp any any eq https
access-group FWACL in interface outside
timeout uauth 0:05:00 absolute
aaa-server TacacsServers protocol tacacs+
reactivation-mode depletion deadtime 2
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
[1]
http://EVSecure-crl.verisign.com/EVSecure2006.crl
start date: 23:00:00 IST Sep 26 2007
end
date: 22:59:59 IST Sep 26 2008
cn=VeriSign Class 3 Public Primary Certification Authority - G5
ou=(c) 2006 VeriSign\, Inc. - For authorized use only
ou=VeriSign Trust Network
o=VeriSign\, Inc.
c=US
cn=VeriSign Class 3 Extended Validation SSL CA
ou=Terms of use at https://www.verisign.com/rpa (c)06
ou=VeriSign Trust Network
o=VeriSign\, Inc.
c=US
[1]
http://EVSecure-crl.verisign.com/pca3-g5.crl
start date: 23:00:00 IST Nov 7 2006
end
date: 22:59:59 IST Nov 7 2016
Certificate Configuration
12-9