Customizing the local ca server – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 41 Configuring Digital Certificates
Customizing the Local CA Server
To configure a customized local CA server, perform the following steps:
Step 1
Command: crypto ca server
Example: hostname(config)# crypto ca server
Purpose: Enters local CA server configuration mode. Allows you to configure and manage a local CA.

Step 2
Command: issuer-name DN-string
Example: hostname(config-ca-server)# issuer-name cn=xx5520,cn=30.132.0.25,ou=DevTest,ou=QA,o=ASC Systems
Purpose: Specifies parameters that do not have default values.

Step 3
Command: smtp subject subject-line
Example: hostname(config-ca-server)# smtp subject Priority E-Mail: Enclosed Confidential Information is Required for Enrollment
Purpose: Customizes the text that appears in the subject field of all e-mail messages sent from the local CA server.

Step 4
Command: smtp from-address e-mail_address
Example: hostname(config-ca-server)# smtp from-address
Purpose: Specifies the e-mail address that is to be used as the From: field of all e-mail messages that are generated by the local CA server.

Step 5
Command: subject-name-default dn
Example: hostname(config-ca-server)# subject-name-default cn=engineer, o=ASC Systems, c=US
Purpose: Specifies an optional subject-name DN to be appended to a username on issued certificates. The default subject-name DN becomes part of the username in all user certificates issued by the local CA server.
The allowed DN attribute keywords are as follows:
• C = Country
• CN = Common Name
• EA = E-mail Address
• L = Locality
• O = Organization Name
• OU = Organization Unit
• ST = State/Province
• SN = Surname
Note: If you do not specify a subject-name-default to serve as a standard subject-name default, you must specify a DN each time that you add a user.