Cisco Cisco ASA 5555-X Adaptive Security Appliance 产品宣传页

인증서 관리

7.2(1)

다음 명령을 도입했습니다. 
issuer-name DN-string, revocation-check crl none, 
revocation-check crl, revocation-check none

다음 명령은 더 이상 사용되지 않습니다. crl {required | 

optional | nocheck} 

인증서 관리

8.0(2)

다음 명령을 도입했습니다. 
cdp-url, crypto ca server, crypto ca server crl issue, 
crypto ca server revoke cert-serial-no, crypto ca server 
unrevoke cert-serial-no, crypto ca server user-db add 
user [dn dn] [email e-mail-address], crypto ca server 
user-db allow {username | all-unenrolled | 
all-certholders} [display-otp] [email-otp] [replace-otp], 
crypto ca server user-db email-otp {username | 
all-unenrolled | all-certholders}, crypto ca server 
user-db remove username, crypto ca server user-db 
show-otp {username | all-certholders | all-unenrolled}, 
crypto ca server user-db write, [no] database path 
mount-name directory-path, debug crypto ca server [level], 
lifetime {ca-certificate | certificate | crl} time, no 
shutdown, otp expiration timeout, renewal-reminder time, 
show crypto ca server, show crypto ca server cert-db 
[user username | allowed | enrolled | expired | on-hold] 
[serial certificate-serial-number], show crypto ca server 
certificate, show crypto ca server crl, show crypto ca 
server user-db [expired | allowed | on-hold | enrolled], 
show crypto key name of key, show running-config, 
shutdown

SCEP 

프록시

8.4(1)

서드파티 CA의 디바이스 인증서를 안전하게 배포하는 이 기능

을 도입했습니다.
다음 명령을 도입했습니다.
crypto ikev2 enable outside client-services port 
portnumber, scep-enrollment enable, 
scep-forwarding-url value URL, 
secondary-pre-fill-username clientless hide 
use-common-password password, 
secondary-pre-fill-username ssl-client hide 
use-common-password password, 
secondary-username-from-certificate {use-entire-name | 
use-script | {primary_attr [secondary-attr]}} 
[no-certificate-fallback cisco-secure-desktop 
machine-unique-id]