Cisco Support Community
New Member

ASA // trustpoint command "validation-policy"

Hi,

while configuring and understanding ASA's way of handling certificates, I encountered the command "validation-policy" in the command-reference of the ASA (8.2(2)):

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1557319

AFAIK, it allows you to limit the use of a certain trustpoint within the ASA to a specific usage, e.g. client authentication. I wanted to test the feature and use it for a customer-implementation, but I can't - it seems the command is simply not there?!

asa(config)# crypto ca trustpoint startssl.com
asa(config-ca-trustpoint)# validation-policy
                            ^
ERROR: % Invalid input detected at '^' marker.
asa(config-ca-trustpoint)#

Is there any prerequisite I'm not aware of?

By the way, the documentation here on CCO is rather inconsistent. E.g., the configuration-guide tells me to use the command "support-user-cert-validation", while the command-reference for the same version (8.2) tells me the command is deprecated!

Thanks for help!

Florian

1 REPLY
Cisco Employee

Re: ASA // trustpoint command "validation-policy"

That is only supported when ASA is the CA server.
