Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01)
Chapter 35: Configuring Digital Certificates
Configuring Identity Certificates Authentication

Step 13 Click OK when you are done to close the Key Pair Details dialog box.

Step 14 Choose a certificate subject DN to form the DN in the identity certificate, and then click Select to display the Certificate Subject DN dialog box.

Step 15 Choose one or more DN attributes that you want to add from the drop-down list, enter a value, and then click Add. Available X.500 attributes for the Certificate Subject DN are the following:
• Common Name (CN)
• Department (OU)
• Company Name (O)
• Country (C)
• State/Province (ST)
• Location (L)
• E-mail Address (EA)

Step 16 Click OK when you are done to close the Certificate Subject DN dialog box.

Step 17 To create self-signed certificates, check the Generate self-signed certificate check box.

Step 18 To have the identity certificate act as the local CA, check the Act as local certificate authority and issue dynamic certificates to TLS proxy check box.

Step 19 To establish additional identity certificate settings, click Advanced.
The Advanced Options dialog box appears, with the following three tabs: Certificate Parameters, Enrollment Mode, and SCEP Challenge Password.

Note Enrollment mode settings and the SCEP challenge password are not available for self-signed certificates.

Step 20 Click the Certificate Parameters tab, and then enter the following information:
• The FQDN, an unambiguous domain name, to indicate the position of the node in the DNS tree hierarchy.
• The e-mail address associated with the identity certificate.
• The adaptive security appliance IP address on the network in four-part, dotted-decimal notation.
• To add the adaptive security appliance serial number to the certificate parameters, check the Include serial number of the device check box.

Step 21 Click the Enrollment Mode tab, and then enter the following information:
• Choose the enrollment method by clicking the Request by manual enrollment radio button or the Request from a CA radio button.
• The enrollment URL of the certificate to be automatically installed through SCEP.
• The maximum number of minutes allowed to retry installing an identity certificate. The default is one minute.
• The maximum number of retries allowed for installing an identity certificate. The default is zero, which indicates an unlimited number of retries within the retry period.

Step 22 Click the SCEP Challenge Password tab, and then enter the following information:
• The SCEP password
• The SCEP password confirmation
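
The settings from Steps 14 through 22, written as the corresponding ASA CLI trustpoint configuration so they can be reviewed against the running configuration. This is an added example, not part of the original guide; the trustpoint name, key pair name, DN values, addresses, SCEP URL and challenge password are constructed placeholders.

```cisco
! Constructed placeholders: ID-CERT-EXAMPLE, ID-KEY-EXAMPLE, example.com names,
! the 192.0.2.1 address, the SCEP URL and <challenge-password>.
crypto ca trustpoint ID-CERT-EXAMPLE
! Key pair shown in the Key Pair Details dialog box (Step 13)
 keypair ID-KEY-EXAMPLE
! Steps 14-16: certificate subject DN built from the X.500 attributes
 subject-name CN=asa.example.com,OU=Security,O=Example,C=US,ST=California,L=Springfield,EA=admin@example.com
! Step 20: Certificate Parameters tab
 fqdn asa.example.com
 email admin@example.com
 ip-address 192.0.2.1
 serial-number
! Step 21: Enrollment Mode tab, Request from a CA (SCEP)
 enrollment url http://ca.example.com/certsrv/mscep/mscep.dll
! Retry period in minutes (default 1) and retry count (default 0 = unlimited)
 enrollment retry period 1
 enrollment retry count 0
! Step 22: SCEP challenge password
 password <challenge-password>
!
! Alternatives for the other choices in the dialog:
!   enrollment terminal   Request by manual enrollment (Step 21)
!   enrollment self       Generate self-signed certificate (Step 17);
!                         enrollment url and password do not apply
!   proxy-ldc-issuer      Act as local CA and issue dynamic certificates
!                         to TLS proxy (Step 18)
!
! Review what was configured and what was installed:
!   show running-config crypto ca trustpoint ID-CERT-EXAMPLE
!   show crypto ca certificates ID-CERT-EXAMPLE
```

The challenge password appears in the trustpoint configuration, so handle saved copies and backups of the configuration as sensitive.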