- Preface
- Using the WAAS Command-Line Interface
- Cisco WAAS Software Command Summary
- CLI Commands
- EXEC Mode Commands
- Global Configuration Mode Commands
- Interface Configuration Mode Commands
- Standard ACL Configuration Mode Commands
- Extended ACL Configuration Mode Commands
- Preposition Configuration Mode Commands
- PKI Certification Authority Configuration Mode Commands
- PKI Global Settings Configuration Mode Commands
- SSL Accelerated Service Configuration Mode Commands
- SSL Cipher List Configuration Mode Commands
- SSL Global Service Configuration Mode Commands
- SSL Host Peering Service Configuration Mode Commands
- SSL Management Service Configuration Mode Commands
- WCCP Configuration Mode Commands
- Service Context Configuration Mode Commands
- Service Node Group Configuration Mode Commands
- Service Node Configuration Mode Commands
- Service Context Configuration Mode Commands
- Class Map Configuration Mode Commands
- Policy Map Configuration Mode Commands
- Policy Map Class Configuration Mode Commands
- Acronyms and Abbreviations
- Command Summary by Mode
PKI Certificate Authority Configuration Mode Commands
To configure public key infrastructure (PKI) encryption certificate authorities on a WAAS device, use the crypto pki ca global configuration command. To delete a PKI encryption certificate authority, use the no form of the command.
crypto pki ca certificate_authority_name
no crypto pki ca certificate_authority_name
Syntax Description
Name of the certificate authority (CA). The CA name may contain up to 64 characters. |
Defaults
Command Modes
Device Modes
Usage Guidelines
Use the command to add and configure a certificate authority. This command initiates the certificate authority configuration mode, indicated by the (config-ca) prompt.
Within certificate authority configuration mode, you can use the various commands (ca-certificate, description, revocation check, and so on) to define an encryption certificate authority. To return to global configuration mode, enter exit at the certificate authority configuration mode prompt.
Examples
The following example shows how to create or edit a certificate authority named mycertauth. If the certificate authority is already established on the WAAS device, the crypto pki ca command edits it. If the certificate authority does not exist, the crypto pki ca command creates it.
Related Commands
(config-ca) ca-certificate
To set the certification authority file to be used by the WAAS device, use the ca-certificate certification authority configuration command.
Syntax Description
Filename of the certificate authority. The filename must end in.ca and be no longer than 32 characters. |
Defaults
Command Modes
certification authority configuration
Device Modes
Usage Guidelines
Before you can assign a certification authority file using the ca-certificate command, the certification authority file must be imported using the crypto import ca-certificate EXEC command. See the crypto import command.
Examples
The following example shows how to specify the certification authority file to use:
Related Commands
(config-ca) description
To enter a description for the certification authority to be used by the WAAS device, use the description command.
Syntax Description
Test to briefly describe the certification authority being used. The description text must not exceed 128 characters. |
Defaults
Command Modes
certification authority configuration
Device Modes
Examples
The following example shows how to define the descriptive text for the certification authority:
Related Commands
(config-ca) revocation-check
To configure the certification authority revocation checking method, use the revocation-check command.
revocation-check {none | ocsp-cert-url | ocsp-url} [none | ocsp-cert-url | ocsp-url]
Syntax Description
Defaults
Command Modes
certification authority configuration
Device Modes
Examples
The following example shows how to configure certification authority revocation checking to use the URL defined in the global OCSP settings:
The following example shows how to configure revocation checking to use the URL defined in the global OCSP settings as the first method, and to use no checking as the second method: