Filter
Top Products
25-56
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding Public Key Infrastructure Policies
Related Topics
• PKI Enrollment Dialog Box—Enrollment Parameters Tab, page 25-59
• PKI Enrollment Dialog Box—Certificate Subject Name Tab, page 25-61
• PKI Enrollment Dialog Box—Trusted CA Hierarchy Tab, page 25-62
Field Reference
Table 25-11 PKI Enrollment Dialog Box—CA Information Tab
Element Description
CA Server Nickname The name used to identify the CA server in the certificate request. If
you leave this field blank, the domain name is used. You must leave this
field blank for Verisign CAs. Also, keep the following in mind:
• You cannot configure two CA servers with the same name but
different URLs on the same device.
• The CA name cannot match the name of a trusted CA configured
as part of the same PKI enrollment object (as defined on the PKI
Enrollment Dialog Box—Trusted CA Hierarchy Tab, page 25-62).
• When the device is configured as part of a VPN, do not configure
a device-level override that uses the same CA name as that of the
CA server used by any of the peers. (This is not a problem when
the device and its peers use a tiered PKI hierarchy.)
Enrollment Type The type of enrollment you want to perform. Security Manager
completes the enrollment only if you configure URL enrollment. If you
select another type, you must complete the enrollment using your own
methods.
• Self-Signed Certificate (ASA only)—To configure the enrollment
self command.
• Terminal (ASA only)—To configure the enrollment terminal
command.
• URL—To configure the URL for the CA server so that you can
complete automatic enrollment.
• None—Do not configure any enrollment command.