
ASA // trustpoint command "validation-policy"

Hi,

While configuring and understanding the ASA's way of handling certificates, I encountered the command "validation-policy" in the command reference of the ASA (8.2(2)):

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1557319

AFAIK, it allows you to limit the use of a certain trustpoint within the ASA to a specific usage, e.g. client authentication. I wanted to test the feature and use it for a customer-implementation, but I can't - it seems the command is simply not there?!

asa(config)# crypto ca trustpoint startssl.com
asa(config-ca-trustpoint)# validation-policy
                            ^
ERROR: % Invalid input detected at '^' marker.
asa(config-ca-trustpoint)#

Is there any prerequisite I'm not aware of?

By the way, the documentation here on CCO is rather inconsistent. E.g., the configuration guide tells me to use the command "support-user-cert-validation", while the command reference for the same version (8.2) tells me the command is deprecated!

Thanks for help!

Florian


Jennifer Halim
Cisco Employee

That is only supported when ASA is the CA server.