ASA8.6 - Renewal of AnyConnect SSL VPN Certificate with Entrust (SHA2)

Hi,

We have to renew our SSL certificate (for AnyConnect VPN) with Entrust and I'm slightly confused over SHA1/SHA2 so thought I'd clarify on here first!

Our ASA is running version 8.6

Our current SSL certificate from Entrust is SHA1.

Can we renew the SSL certificate from Entrust but this time choose SHA2 for the certificate and simply follow the steps contained in:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html

i.e.

- Generate new RSA key pair (size 2048-bit?)

- Generate Certificate Signing Request (CSR) on ASA

- Use CSR to submit certificate request to Entrust (selecting SHA2 for the certificate from Entrust options)

- Install the new certificate on the ASA

- Bind new certificate to outside interface

And, after following those steps, we should then have our renewed certificate (SHA2 instead of SHA1) in place - and AnyConnect clients will be able to connect without any issue?

Is it as straightforward as that or is there anything I am missing or need to be careful of?

Thanks.
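
A check the renewal steps above leave implicit, as an added example that is not part of the original post or the linked Cisco document: before installing the certificate returned by the CA, confirm on an admin workstation with OpenSSL that it is SHA-2 signed, has at least a 2048-bit key, and carries the same public key as the CSR. File names and the `vpn.example.com` subject are assumptions; the sample key, CSR and self-signed certificate are constructed locally.

```bash
# Added example: pre-install checks on a renewed certificate. File names are
# placeholders; the sample key, CSR and certificate are constructed locally.

# Signature algorithm of a PEM certificate, e.g. "sha256WithRSAEncryption".
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# True when the name is an RSA signature over a SHA-2 hash (not SHA-1 or MD5).
is_sha2_alg() {
    case "$1" in
        sha224With*|sha256With*|sha384With*|sha512With*) return 0 ;;
        *) return 1 ;;
    esac
}

# Public key size in bits, e.g. "2048".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# True when the certificate carries the same public key as the CSR, i.e. it
# was issued for the key pair generated for this renewal.
cert_matches_csr() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl req -in "$2" -noout -pubkey)" ]
}

# Run all three checks: check_renewal CERT CSR
check_renewal() {
    is_sha2_alg "$(cert_sig_alg "$1")" || { echo "FAIL: not SHA-2"; return 1; }
    [ "$(cert_key_bits "$1")" -ge 2048 ] || { echo "FAIL: key < 2048 bits"; return 1; }
    cert_matches_csr "$1" "$2" || { echo "FAIL: cert/CSR key mismatch"; return 1; }
    echo "OK: $(cert_sig_alg "$1"), $(cert_key_bits "$1")-bit key, matches CSR"
}

# Constructed sample written into directory $1: a 2048-bit key, its CSR and a
# SHA-256 self-signed certificate standing in for the CA-issued one.
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=vpn.example.com" \
        -keyout "$1/new.key" -out "$1/new.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/new.csr" -signkey "$1/new.key" -sha256 -days 30 \
        -out "$1/new.crt" 2>/dev/null
}

tmp=$(mktemp -d) && make_sample "$tmp" && check_renewal "$tmp/new.crt" "$tmp/new.csr"
```

For a real renewal, pass the certificate file received from the CA and the CSR text saved from the ASA to `check_renewal` in place of the constructed sample.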