https://community.cisco.com/t5/network-security/asa-5515/m-p/3325648#M989638 Hi<BR /><BR />Can you give more details on what you're trying to achieve?<BR /><BR />Is it having ASA acting as CA server or looking ASA with a corporate CA?<BR /><BR />And then leverage vpn authentication with certificates? Mon, 05 Feb 2018 22:49:41 GMT Francesco Molino 2018-02-05T22:49:41Z https://community.cisco.com/t5/network-security/asa-5515/m-p/3325208#M989637 <P>Good Day</P> <P>&nbsp;</P> <P>Is it possible&nbsp;to apply an internal CA certificate to an ASA internal interface and SSL VPN feature?</P> <P>If so how does one go about doing so?</P> <P>&nbsp;</P> Fri, 21 Feb 2020 15:17:28 GMT https://community.cisco.com/t5/network-security/asa-5515/m-p/3325208#M989637 IamDaMayor 2020-02-21T15:17:28Z https://community.cisco.com/t5/network-security/asa-5515/m-p/3325648#M989638 Hi<BR /><BR />Can you give more details on what you're trying to achieve?<BR /><BR />Is it having ASA acting as CA server or looking ASA with a corporate CA?<BR /><BR />And then leverage vpn authentication with certificates? Mon, 05 Feb 2018 22:49:41 GMT https://community.cisco.com/t5/network-security/asa-5515/m-p/3325648#M989638 Francesco Molino 2018-02-05T22:49:41Z https://community.cisco.com/t5/network-security/asa-5515/m-p/3327362#M989639 <P>When users browses to the management / internal facing IP of the ASA (to access the ASDM) the&nbsp;attached message appears.</P> <P>How does user apply a certificate to prevent this invalid message appearing ?&nbsp;Users does not want the ASA to be a CA, but would like the ASA to have a Corporate CA cert attached to it. But there are no certificates needed for VPNs at this time</P> Thu, 08 Feb 2018 09:36:57 GMT https://community.cisco.com/t5/network-security/asa-5515/m-p/3327362#M989639 IamDaMayor 2018-02-08T09:36:57Z https://community.cisco.com/t5/network-security/asa-5515/m-p/3327996#M989640 <P>OK got it.</P> <P>You can create a certificate for ASA. Follow that Cisco doc:&nbsp;<A href="https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html</A></P> <P>&nbsp;</P> <P>If you generate a certificate with an internal CA, users must have the chain (root and subordinate) to trust that certificate.&nbsp;</P> <P>You can also get a public certificate to not get this message for any users...</P> <P>&nbsp;</P> Fri, 09 Feb 2018 02:06:37 GMT https://community.cisco.com/t5/network-security/asa-5515/m-p/3327996#M989640 Francesco Molino 2018-02-09T02:06:37Z https://community.cisco.com/t5/network-security/asa-5515/m-p/3328062#M989641 <P>User has already tried using that link but as per user it was not helpful</P> <P>&nbsp;</P> <P>User would like to apply an internal cert to the management interface (used on the internal network).</P> Fri, 09 Feb 2018 07:14:01 GMT https://community.cisco.com/t5/network-security/asa-5515/m-p/3328062#M989641 IamDaMayor 2018-02-09T07:14:01Z https://community.cisco.com/t5/network-security/asa-5515/m-p/3328252#M989642 <P>I'm sorry but I don't understand your issue here.</P> <P>&nbsp;</P> <P>The link is talking about importing a certificate on ASA (no matter if that's a public or internal CA).</P> <P>&nbsp;</P> <P>The goal is to :</P> <P>- create a trustpoint</P> <P>- authenticate that trustpoint by importing your Root CA</P> <P>- Use openssl to generate your ASA cert</P> <P>- import the cert into ASA.</P> <P>&nbsp;</P> <P>Steps are the same for internal certificate or external certificate</P> Fri, 09 Feb 2018 15:15:21 GMT https://community.cisco.com/t5/network-security/asa-5515/m-p/3328252#M989642 Francesco Molino 2018-02-09T15:15:21Z