33-10
Cisco Security Appliance Command Line Configuration Guide
OL-16647-01
Chapter 33 Configuring Certificates
Identity Certificates Authentication
Generate Certificate Signing Request
This pane lets you generate a certificate signing request to send to Entrust. Be aware that at the time of
this release, Entrust supports only a key modulus size of 1024. Consult Entrust if you are using any other
value.
Generate Certificate Signing Request Fields
• Key Pair—Use the drop-down menu to display the configured key pairs by name.
  - Show—Click to display information about the selected key pair, including date and time
    generated, usage (general or special purpose), modulus size, and key data.
  - New—Click to add a new key pair, providing a name, modulus size, and usage. When you
    generate the key pair, you have the option of sending it to the security appliance or saving it to
    a file.
• Certificate Subject DN—Identifies DN attributes for the certificate.
  - Common Name (CN)—Enter the FQDN or IP address of the security appliance.
  - Organization (O)—Provide the name of the company.
  - Country (C)—Enter the two-letter code for the country.
• Optional Parameters—Lets you add additional attributes for the signing request.
  - Additional DN Attributes—These include Department (OU), State (ST), Location (L), and
    E-mail Address (EA).
  - FQDN (SubjectAlt Name)—Use this certificate extension field to enter additional fully
    qualified domain name information if the CA requires it.
• Generate Request—Click to generate the certificate signing request, which you can then Send to
  Entrust, or Save to File, and send later.
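
The field rules above (CN as an FQDN or IP address, a two-letter country code, an optional SubjectAlt Name FQDN, and the modulus size of 1024 that this page states for Entrust) can be checked before a request is generated. The following Python is an added example, not Cisco or Entrust code; the function names and any sample values passed to them are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1123 host label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
ENTRUST_MODULUS = 1024  # the only size the page says Entrust supported at this release


def is_fqdn(name):
    """True for a dotted name made of valid labels whose last label is not numeric."""
    name = name[:-1] if name.endswith(".") else name
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def is_ip(value):
    """True for a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def check_csr_request(cn, org, country, modulus, alt_fqdn=None, for_entrust=True):
    """Return the problems found in the pane's field values; an empty list means OK."""
    problems = []
    if not (is_fqdn(cn) or is_ip(cn)):
        problems.append("CN must be the FQDN or IP address of the appliance")
    if not org.strip():
        problems.append("O (organization) is empty")
    if not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("C must be a two-letter country code")
    if alt_fqdn is not None and not is_fqdn(alt_fqdn):
        problems.append("SubjectAlt Name is not a fully qualified domain name")
    if for_entrust and modulus != ENTRUST_MODULUS:
        problems.append("Entrust supported only modulus size 1024 at this release")
    return problems


def subject_dn(cn, org, country):
    """Format CN, O and C as one DN string, escaping special characters (RFC 4514 style)."""
    def esc(value):
        return re.sub(r'([,+"\\<>;])', r"\\\1", value.strip())
    return f"CN={esc(cn)},O={esc(org)},C={country.upper()}"
```
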
Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed     Transparent     Single     Multiple
                                      Context     System
•          •               •          •           •

Installing Identity Certificates
The Install button on the Identity Certificates window is inactivated unless there is a pending
enrollment. Whenever the security appliance receives a Certificate Signing Request (CSR), the Identity
Certificates window displays the pending ID certificate. When you highlight the pending Identity
Certificate, the Install button activates.
When you transmit the pending file to a CA, the CA enrolls it and returns a certificate to the security
appliance. Once you have the certificate, click the Install button and highlight the appropriate Identity
and CA certificates to complete the operation.
The following steps illustrate adding and installing a pending Identity Certificate: