Cisco ASA 5555-X Adaptive Security Appliance - No Payload Encryption Data Sheet
Cisco ASA Series General Operations CLI Configuration Guide
Chapter 18 Digital Certificates
Feature History for Certificate Management
Table 18-1 Feature History for Certificate Management (continued)

Feature Name: Certificate management
Platform Releases: 7.2(1)
Description: We introduced the following commands: issuer-name DN-string, revocation-check crl none, revocation-check crl, revocation-check none. The following command was deprecated: crl {required | optional | nocheck}

Feature Name: Certificate management
Platform Releases: 8.0(2)
Description: We introduced the following commands: cdp-url, crypto ca server, crypto ca server crl issue, crypto ca server revoke cert-serial-no, crypto ca server unrevoke cert-serial-no, crypto ca server user-db add user [dn dn] [email e-mail-address], crypto ca server user-db allow {username | all-unenrolled | all-certholders} [display-otp] [email-otp] [replace-otp], crypto ca server user-db email-otp {username | all-unenrolled | all-certholders}, crypto ca server user-db remove username, crypto ca server user-db show-otp {username | all-certholders | all-unenrolled}, crypto ca server user-db write, [no] database path mount-name directory-path, debug crypto ca server [level], lifetime {ca-certificate | certificate | crl} time, no shutdown, otp expiration timeout, renewal-reminder time, show crypto ca server, show crypto ca server cert-db [user username | allowed | enrolled | expired | on-hold] [serial certificate-serial-number], show crypto ca server certificate, show crypto ca server crl, show crypto ca server user-db [expired | allowed | on-hold | enrolled], show crypto key name of key, show running-config, shutdown

Feature Name: SCEP proxy
Platform Releases: 8.4(1)
Description: We introduced this feature, which securely deploys device certificates from third-party CAs. We introduced the following commands: crypto ikev2 enable outside client-services port portnumber, scep-enrollment enable, scep-forwarding-url value URL, secondary-pre-fill-username clientless hide use-common-password password, secondary-pre-fill-username ssl-client hide use-common-password password, secondary-username-from-certificate {use-entire-name | use-script | {primary_attr [secondary-attr]}} [no-certificate-fallback cisco-secure-desktop machine-unique-id]