Trustpoint Name | Enter the 32-character maximum name assigned to the target trustpoint. The trustpoint signing the certificate can be a certificate authority, a corporation, or an individual. |
URL | Provide the complete URL to the location of the trustpoint. If needed, click Advanced to expand the dialog to display network address information to the location of the target trustpoint. The number of additional fields that populate the screen is also dependent on the selected protocol. |
Protocol | Select the protocol used for importing the target trustpoint. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to import the trustpoint. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the trustpoint file. Enter the complete relative path to the file on the server. |
If a certificate displays in the Certificate Management screen with a CRL, that CRL can be imported. A CRL (certificate revocation list) is a list of certificates that have been revoked or are no longer valid. A certificate can be revoked if the CA improperly issued it, or if a private key is compromised. The most common reason for revocation is the user no longer being in sole possession of the private key.
Trustpoint Name | Enter the 32-character maximum name assigned to the target trustpoint signing the certificate. A trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration parameters, and an association with an enrolled identity certificate. |
From Network | Select From Network to provide network address information to the location of the target CRL. The number of additional fields that populate the screen is also dependent on the selected protocol. This is the default setting. |
URL | Provide the complete URL to the location of the CRL. If needed, click Advanced to expand the dialog to display network address information to the location of the CRL. The number of additional fields populating the screen depends on the selected protocol. |
Advanced/Basic | Click Advanced or Basic to switch between a basic URL and an advanced location to specify trustpoint location. |
Protocol | Select the protocol used for importing the CRL. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to import the CRL. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the CRL file. Enter the complete relative path to the file on the server. |
Cut and Paste | Select Cut and Paste to copy an existing CRL into the field. When pasting, no additional network address information is required. |
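A check worth running on a CRL before it is imported, shown here as an added example that is not part of the original documentation: confirm with the openssl command line that the CRL is signed by the trustpoint's CA, then see how a revoked and a non-revoked certificate verify against it. The helper names (`make_demo_pki`, `crl_signed_by`, `cert_status`) are hypothetical, and the CA, certificates and CRL are constructed throwaway data.

```shell
# Added example: constructed throwaway CA, two certificates and a CRL (dev1 revoked).
make_demo_pki() {   # make_demo_pki DIR -> DIR/ca.pem, dev1.pem, dev2.pem, crl.pem
  d=$1
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Constructed Demo CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
new_certs_dir = $d
serial = $d/serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
  : > "$d/index.txt"; echo 01 > "$d/serial"
  ca="openssl ca -batch -config $d/ca.cnf -cert $d/ca.pem -keyfile $d/ca.key"
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  for n in dev1 dev2; do
    openssl req -new -config "$d/ca.cnf" -subj "/CN=$n.example" -newkey rsa:2048 \
      -nodes -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    $ca -in "$d/$n.csr" -out "$d/$n.pem" -notext 2>/dev/null || return 1
  done
  $ca -revoke "$d/dev1.pem" 2>/dev/null && $ca -gencrl -out "$d/crl.pem" 2>/dev/null
}

# Succeeds only if the CRL signature verifies under the CA certificate.
# "openssl crl" exits 0 even on a bad signature, so match its message instead.
crl_signed_by() {   # crl_signed_by CA_PEM CRL_PEM
  openssl crl -in "$2" -CAfile "$1" -noout 2>&1 | grep -q 'verify OK'
}

# Prints revoked, good or error for a certificate checked against CA + CRL.
cert_status() {     # cert_status CA_PEM CRL_PEM CERT_PEM
  out=$(openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1)
  case $out in
    *"certificate revoked"*) echo revoked ;; *": OK"*) echo good ;; *) echo error ;;
  esac
}
```

Run `make_demo_pki` on an empty temporary directory, then call the two check functions on the files it creates; on a real CRL, `openssl crl -in FILE -noout -nextupdate` additionally shows when the list goes stale.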
Signed certificates (or root certificates) avoid the use of public or private CAs. A self-signed certificate is an identity certificate signed by its own creator, thus the certificate creator also signs off on its legitimacy. It is therefore central that self-signed certificates are issued without mistakes or corruption.
Self-signed certificates cannot be revoked. If a private key has been compromised, this may allow an attacker who has already gained controller access, and who can monitor and inject data into a connection, to spoof an identity. CAs, however, have the ability to revoke a compromised certificate, preventing its further use.
Certificate Name | Enter the 32-character maximum trustpoint name with which the certificate should be associated. |
From Network | Select From Network to provide network address information to the location of the signed certificate. The number of additional fields that populate the screen is also dependent on the selected protocol. From Network is the default setting. |
URL | Provide the complete URL to the location of the signed certificate. If needed, click Advanced to expand the dialog to display network address information to the location of the signed certificate. The number of additional fields populating the screen depends on the selected protocol. |
Protocol | Select the protocol used for importing the signed certificate. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to import the signed certificate. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the signed certificate file. Enter the complete relative path to the file on the server. |
Cut and Paste | Select Cut and Paste to copy an existing certificate into the field. When pasting, no additional network address information is required. |