Configure the Certificate Authority
Use this procedure to configure the certificate authority (CA) and perform related actions. You can configure only one CA in a device at a time.
Procedure
- In the navigation pane, expand .
- Select Certificate.
- Select the CA tab.
- Select Insert.
- In the Name field, type a user-defined name of the CA.
- In the CommonName field, type the common name of the CA.
- In the KeyName field, type the name of the associated key pair.
- Complete the remaining optional configuration to customize the policy.
- Select Insert.
- Optional: Select Retry Action if the trustpoint CA certificate authentication fails or takes time for authentication. This can be done only when the selected Action is caauth.
CA field descriptions
Use the data in the following table to use the CA tab.
Name |
Description |
---|---|
Name |
Specifies the user-defined name referring to the Certificate Authority issuing the Digital Certificate. |
CommonName |
Specifies the Common Name of the Certificate Authority issuing the Digital Certificate. |
KeyName |
Specifies the name of the associated key pair. |
CaUrl |
Specifies the URL of the Certificate Authority issuing the Digital Certificate. |
Action |
Specifies the action the Certificate Authority can take:
|
ActionChallengePassword |
Specifies the challenge password required to perform the SCEP operation. |
LastActionStatus |
Specifies the status of the last action:
|
LastActionFailureReason |
Specifies the reason of failure for the last action performed by the Certificate Authority. |
InstallRootCaFileName |
Specifies the certificate file obtained offline from the Root Certificate Authority. |
SubjectCertificateValidityDays |
Specifies the number of days for which subject certificate will remain valid. The default value is 365 days. |
UsePost |
Specifies the HTTP request type: URL or POST. TRUE for EJBCA and FALSE for Win2012 CA |
Sha256Fingerprint |
Specifies an encrypted fingerprint of the expected certificate to match. |
SubjectName |
Specifies the Subject Name of the subject sending the Certificate Signing Request to the Certificate Authority. |
UsedFor |
Specifies the name of the application the certificate uses. The default is enabled if there is only 1 CA trustpoint configured. |