Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Configuring CA Certificates
Step 3 Click Submit.
The Trust Certificate page appears with the edited certificate.

Related Topics
User Certificate Authentication, page B-6
Overview of EAP-TLS, page B-6

Deleting a Certificate Authority
Use this page to delete a trusted CA (Certificate Authority) certificate:
Step 1 Select Users and Identity Stores > Certificate Authorities.
The Trust Certificate List page appears with a list of configured certificates.
Step 2 Check one or more check boxes next to the certificates that you want to delete.
Step 3 Click Delete.
Step 4 Click Yes to confirm.
The Trust Certificate page appears without the deleted certificate(s).

Table 8-20 Edit Certificate Authority Properties Page (continued)

Option: Description

Certificate Revocation List Configuration
Use this section to configure the CRL.

Download CRL: Check this box to download the CRL.

CRL Distribution URL: Enter the CRL distribution URL. You can specify a URL that uses HTTP.

Retrieve CRL: ACS attempts to download a CRL from the CA. Toggle the time settings for ACS to retrieve a new CRL from the CA.
  Automatically: Obtain the next update time from the CRL file. If unsuccessful, ACS tries to retrieve the CRL periodically after the first failure until it succeeds.
  Every: Determines the frequency between retrieval attempts. Enter the amount in units of time.

If Download Failed Wait: Enter the amount of time to wait before ACS attempts to retrieve the CRL again, if the retrieval initially failed.

Bypass CRL Verification if CRL is not Received: If unchecked, all client requests that use a certificate signed by the selected CA are rejected until ACS receives the CRL file. When checked, the client request may be accepted before the CRL is received.

Ignore CRL Expiration: Check this box to check a certificate against an outdated CRL.
  When checked, ACS continues to use the expired CRL and permits or rejects EAP-TLS authentications according to the contents of the CRL.
  When unchecked, ACS examines the expiration date of the CRL in the Next Update field in the CRL file. If the CRL has expired, all authentications that use a certificate signed by the selected CA are rejected.
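
The combined effect of the Bypass CRL Verification if CRL is not Received and Ignore CRL Expiration check boxes, as an added Python example (not part of the Cisco guide and not ACS code). It models only the CRL check described in the table; the names Crl, CrlSettings and evaluate, and all dates and serial numbers, are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Set, Tuple

@dataclass
class Crl:
    """Constructed stand-in for a downloaded CRL file."""
    next_update: datetime          # the Next Update field
    revoked_serials: Set[int]      # serial numbers the CA has revoked

@dataclass
class CrlSettings:
    """The two check boxes from the CRL configuration section."""
    bypass_if_not_received: bool   # Bypass CRL Verification if CRL is not Received
    ignore_expiration: bool        # Ignore CRL Expiration

def evaluate(serial: int, crl: Optional[Crl], settings: CrlSettings,
             now: datetime) -> Tuple[bool, str]:
    """Return (passes_crl_check, reason) for a certificate signed by the selected CA."""
    if crl is None:  # ACS has not received a CRL yet
        if settings.bypass_if_not_received:
            return True, "no CRL received; bypass checked, revocation not verified"
        return False, "no CRL received; bypass unchecked"
    expired = now > crl.next_update
    if expired and not settings.ignore_expiration:
        return False, "CRL expired (past Next Update)"
    if serial in crl.revoked_serials:
        return False, "certificate is listed in the CRL"
    if expired:
        return True, "not listed in expired CRL; later revocations are not visible"
    return True, "not listed in current CRL"

# Constructed sample data: one revoked serial, one valid serial, two CRL states.
NOW = datetime(2024, 1, 10)
REVOKED, VALID = 0x1001, 0x2002
FRESH = Crl(next_update=datetime(2024, 2, 1), revoked_serials={REVOKED})
STALE = Crl(next_update=datetime(2024, 1, 1), revoked_serials={REVOKED})

if __name__ == "__main__":
    # Print the outcome for every combination of settings and CRL state.
    for bypass in (False, True):
        for ignore in (False, True):
            cfg = CrlSettings(bypass, ignore)
            for label, crl in (("none", None), ("stale", STALE), ("fresh", FRESH)):
                for serial in (REVOKED, VALID):
                    ok, why = evaluate(serial, crl, cfg, NOW)
                    print(f"bypass={bypass} ignore={ignore} crl={label} "
                          f"serial={serial:#x}: {'PASS' if ok else 'REJECT'} ({why})")
```

With both boxes unchecked the check fails closed: a missing or expired CRL rejects every certificate from the selected CA. Checking either box trades that for availability, and the printed matrix shows which revoked or possibly revoked certificates then pass.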