10-12-2018 05:37 PM - edited 03-12-2019 07:01 AM
Hi All
Really struggling to find an answer to this, which is strange.
We've got a couple of ASAs with the Firepower module on.
The firewalls themselves have got certs installed from our CA so we don't get cert warnings. However, I'm still getting a warning because the Firepower module is using a self-signed cert.
I don't want to go around admin stations installing this cert as that's time consuming, and in any case I'd rather it was using one of ours.
Does anyone know how to add a cert to Firepower from a Windows CA?
What should the subject be for this cert? At the moment it's Firepower; should it be the same or follow our naming convention?
10-13-2018 11:05 PM
Hello,
You can install the certificate on the ASA from your CA to be used for Firepower using the link below. This uses a CSR:
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
Or you can install the certificate directly from a Windows CA:
HTH
AJ
10-14-2018 01:11 AM
The only time I can think of that you would be accessing a Firepower service module via TLS is when you are doing local management with ASDM. Is that where you are seeing errors? I've not seen such an error the few times I've managed a module with ASDM.
If you want to add a certificate to the module itself you should be able to do so following this procedure:
I believe ASDM will be requesting information from the module using the module's IP address (vs. FQDN) so the address would need to be at least a SAN (if not the CN) in the certificate.
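As an added illustration of the SAN point made above (this is example code, not something from the thread or from Cisco), the following checks whether the name a client types into ASDM, either an FQDN or an IP literal, is covered by a certificate's Subject Alternative Name entries, and whether the certificate is self-signed. The three certificates are constructed dictionaries in the layout Python's `ssl.SSLSocket.getpeercert()` returns; the names, the issuer and the `192.0.2.10` address are assumptions, not values from the thread.

```python
import ipaddress

# Constructed peer certificates in getpeercert() dict layout.
# These are NOT real Firepower certificates; names and addresses are made up.
SELF_SIGNED_MODULE_CERT = {
    "subject": ((("commonName", "Sourcefire3D"),),),
    "issuer": ((("commonName", "Sourcefire3D"),),),
    "subjectAltName": (),
}

CA_ISSUED_FQDN_ONLY = {
    "subject": ((("commonName", "fw1-sfr.example.com"),),),
    "issuer": ((("commonName", "Example Corp Issuing CA"),),),
    "subjectAltName": (("DNS", "fw1-sfr.example.com"),),
}

CA_ISSUED_WITH_IP_SAN = {
    "subject": ((("commonName", "fw1-sfr.example.com"),),),
    "issuer": ((("commonName", "Example Corp Issuing CA"),),),
    "subjectAltName": (
        ("DNS", "fw1-sfr.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}


def dns_name_matches(pattern, hostname):
    """RFC 6125 style DNS-ID match: a wildcard covers only the left-most label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def name_matches(cert, target):
    """True if the name the client typed (FQDN or IP literal) is in the SAN.

    An IP literal only matches an 'IP Address' SAN entry; it is never matched
    against DNS entries or the CN. This mirrors how ASDM connecting to the
    module by address needs the address itself in the certificate.
    """
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None

    for kind, value in cert.get("subjectAltName", ()):
        if target_ip is not None and kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == target_ip:
                    return True
            except ValueError:
                continue
        elif target_ip is None and kind == "DNS":
            if dns_name_matches(value, target):
                return True
    return False


def is_self_signed(cert):
    """Heuristic only: issuer equals subject. Real trust is decided by chain
    validation against the client's trust store, which this does not do."""
    return cert["issuer"] == cert["subject"]


def warning_reasons(cert, target):
    """List the reasons a client would raise a certificate warning for target."""
    reasons = []
    if is_self_signed(cert):
        reasons.append("self-signed: issuer is not a trusted CA")
    if not name_matches(cert, target):
        reasons.append(f"name mismatch: {target!r} is not in the SAN")
    return reasons


if __name__ == "__main__":
    for label, cert in [("self-signed", SELF_SIGNED_MODULE_CERT),
                        ("CA, FQDN only", CA_ISSUED_FQDN_ONLY),
                        ("CA, FQDN + IP SAN", CA_ISSUED_WITH_IP_SAN)]:
        for target in ("192.0.2.10", "fw1-sfr.example.com"):
            print(f"{label:18} -> {target:22} {warning_reasons(cert, target) or 'OK'}")
```

The middle certificate shows the trap the post describes: a CA-issued certificate with only the FQDN in its SAN still produces a mismatch warning when ASDM reaches the module by IP address, so the CSR for the module should carry the management IP as an IP SAN alongside any DNS name.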
12-10-2019 02:12 PM
How do I do this using SSH, as the Firepower ASDM on-box management isn't available, since the Sourcefire3D certificate is unknown to the ASDM host?
12-10-2019 09:38 PM
Can't you allow/accept the self-signed certificate on one workstation, just enough to be able to then go in via ASDM and update it using the documented GUI procedure mentioned earlier?
If you cannot, then I would suggest opening a TAC case, as there's not (as far as I know) a supported procedure for customers doing it via the CLI.