Smart licensing uses
the Smart Call Home infrastructure. When the ASA configures Smart Call Home
anonymous reporting in the background, the ASA automatically creates a
trustpoint containing the certificate of the CA that issued the Call Home
server certificate. The ASA now supports validation of the certificate if the
issuing hierarchy of the server certificate changes, without the need for
customer involvement to adjust certificate hierarchy changes. You can automate
the update of the trustpool bundle at periodic intervals so that Smart Call
Home can remain active if the self-signed certificate of the CA server changes.
This feature is not supported under multi-context deployments.
Automatic import of trustpool certificate bundles requires you to specify the URL that ASA uses to download and import the
bundle. Use the following command so the import happens daily at a regular interval with the default Cisco URL and default
time of 22 hours:
ciscoasa(config-ca-trustpool)# auto-import-url Default
You can also enable auto import with a custom URL with the following command:
ciscoasa(config-ca-trustpool)# auto-import url http://www.thawte.com
To give you more
flexibility to set downloads during off peak hours or other convenient times,
enter the following command which enables the import with a custom time:
ciscoasa(config-ca-trustpool)# auto-import time 23:23:23
Setting the
automatic import with both a custom URL and custom time requires the following
command:
ciscoasa(config-ca-trustpool)# auto-import time 23:23:23 url http://www.thawte.com