33-8
Cisco Security Appliance Command Line Configuration Guide
OL-16647-01
Chapter 33 Configuring Certificates
Identity Certificates Authentication
–
The check box Include serial number of the device allows you to add the security appliance
serial number to the certificate parameters.
–
The Advanced > Enrollment Mode allows you to select either manual enrollment (Request by
manual enrollment) or enrollment by CA (Request from a CA), which requires the following
information:
–
Enrollment URL (SCEP): HTTP:// Enter the path and file name of the certificate to be
automatically installed.
–
Retry Period: Specify the maximum number of minutes to retry installing an Identity
certificate.The default is one minute.
–
Retry Count: Specify the number of retries for installing an Identity certificate. The default is
0, which indicates unlimited retries within the retry period.
• In the Add Identity Certificate pane, enter the following Certificate Subject DN information:
–
Certificate Subject DN— Specify the certificate subject-name DN to form the DN in the
Identity certificate, and click the Select... button to add DN attributes in the Certificate Subject
DN pane.
–
Attribute: (in Certificate Subject DN > Select window)— Select one or more DN attributes
from the pull-down menu. Selectable X.500 fields of attributes for the Certificate Subject DN
are:
–
Value: (in Certificate Subject DN > Select window)— Enter the value for each of the DN
attributes that you select in the Attribute list. With a value assigned to an attribute, use the
now-active Add button to add the attribute to the Attribute/Value field on the right. To remove
attributes and their values, select the attribute and click the now-active Delete button.
Once you complete Identity Certificate configuration, click Add Certificate in the Add Identity
Certificate pane. Then, be sure to click the Apply button in the Identity Certificates window to save the
newly certificate configuration.
Show Identity Certificate Details
The Show Details button displays the Certificate Details dialog box, which shows the following
information about the selected certificate:
• General—Displays the values for type, serial number, status, usage, public key type, CRL
distribution point, the times within which the certificate is valid, and associated certificates. This
applies to both available and pending status.
Certificate Subject DN Attributes
CN = Common Name
OU = Department
O = Company Name
C = Country
ST = State/Province
L = Location
EA = E-mail Address
