Cisco Systems ASA 5585-X Manual De Usuario

Once you have created the internal CA, create the CTL provider instance. See 

Create a CTL Provider instance in preparation for a connection from the CTL Client.

The default port number listened by the CTL Provider is TCP 2444, which is the default CTL port on 
the Cisco UCM. Use the service port command to change the port number if a different port is used by 
the Cisco UCM cluster. 

ciscoasa(config-ca-trustpoint)# proxy-ldc-issuer

Issues TLS proxy local dynamic certificates. The 
proxy-ldc-issuer command grants a crypto 
trustpoint the role as local CA to issue the LDC and 
can be accessed from crypto ca trustpoint 
configuration mode.

The proxy-ldc-issuer command defines the local 
CA role for the trustpoint to issue dynamic 
certificates for TLS proxy. This command can only 
be configured under a trustpoint with "enrollment 
self." 

ciscoasa(config-ca-trustpoint)# fqdn fqdn 

ciscoasa(config-ca-trustpoint)# fqdn 

Includes the indicated FQDN in the Subject 
Alternative Name extension of the certificate during 
enrollment.

ciscoasa(config-ca-trustpoint)# subject-name 

ciscoasa(config-ca-trustpoint)# subject-name 

Includes the indicated subject DN in the certificate 
during enrollment

hostname(config-ca-trustpoint)# keypair keyname

ciscoasa(config-ca-trustpoint)# keypair 

Specifies the key pair whose public key is to be 
certified.

ciscoasa(config-ca-trustpoint)# exit

Exits from the CA Trustpoint configuration mode.

hostname(config)# crypto ca enroll trustpoint

ciscoasa(config)# crypto ca enroll ldc_server

Starts the enrollment process with the CA and 
specifies the name of the trustpoint to enroll with.