02-05-2018 04:28 AM - edited 02-21-2020 07:17 AM
Good Day
Is it possible to apply an internal CA certificate to an ASA internal interface and SSL VPN feature?
If so, how does one go about doing so?
02-05-2018 02:49 PM
02-08-2018 01:36 AM
When users browse to the management / internal-facing IP of the ASA (to access the ASDM), the attached message appears.
How does a user apply a certificate to prevent this invalid-certificate message from appearing? Users do not want the ASA to be a CA, but would like the ASA to have a corporate CA cert attached to it. There are no certificates needed for VPNs at this time.
02-08-2018 06:06 PM
OK got it.
You can create a certificate for the ASA. Follow this Cisco doc: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html
If you generate a certificate with an internal CA, users must have the chain (root and subordinate) to trust that certificate.
You can also get a public certificate to not get this message for any users...
02-08-2018 11:14 PM
User has already tried using that link, but as per user it was not helpful.
User would like to apply an internal cert to the management interface (used on the internal network).
02-09-2018 07:15 AM
I'm sorry but I don't understand your issue here.
The link is talking about importing a certificate on ASA (no matter if that's a public or internal CA).
The goal is to:
- create a trustpoint
- authenticate that trustpoint by importing your Root CA
- use openssl to generate your ASA cert
- import the cert into the ASA.
Steps are the same for an internal certificate or an external certificate.
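
The openssl side of the steps listed in the reply above, as an added example that is not part of the original thread or of the linked Cisco document. The host name `asa-mgmt.corp.example`, the address `192.0.2.10`, the file names and the throwaway root CA (standing in for the corporate CA) are all constructed assumptions.

```shell
#!/bin/sh
# Added example. All names are constructed: asa-mgmt.corp.example, 192.0.2.10,
# and a throwaway root CA standing in for the corporate CA (whose key would
# normally never leave the CA; only the CSR is sent to it).

# build_asa_identity <workdir> <fqdn> <mgmt-ip> <p12-passphrase>
build_asa_identity() {
  local dir="$1" fqdn="$2" ip="$3" pass="$4"
  mkdir -p "$dir" || return 1
  # One config: a minimal [req] plus extension sets for the CA and the ASA.
  # Browsers match the URL against subjectAltName, so list each name and IP
  # that users type to reach ASDM.
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'CN=unused' \
    '[ca_ext]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' \
    '[asa_ext]' 'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' \
    "subjectAltName=DNS:$fqdn,IP:$ip" > "$dir/pki.cnf"
  # Stand-in root CA (lab only).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/pki.cnf" \
    -extensions ca_ext -subj '/CN=Example Corp Root CA' \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # ASA key pair and certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/pki.cnf" \
    -subj "/CN=$fqdn" -keyout "$dir/asa.key" -out "$dir/asa.csr" \
    2>/dev/null || return 1
  # CA signs the request, adding the ASA extensions.
  openssl x509 -req -in "$dir/asa.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/pki.cnf" \
    -extensions asa_ext -out "$dir/asa.crt" 2>/dev/null || return 1
  # The same chain check a client holding only the root would perform.
  openssl verify -CAfile "$dir/ca.crt" "$dir/asa.crt" >/dev/null || return 1
  # Key + identity cert + CA cert in one PKCS#12 bundle for import.
  openssl pkcs12 -export -inkey "$dir/asa.key" -in "$dir/asa.crt" \
    -certfile "$dir/ca.crt" -passout "pass:$pass" -out "$dir/asa.p12"
}

# san_of <cert.pem>: print the subjectAltName line of a certificate
san_of() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1
}

demo_dir=$(mktemp -d)
build_asa_identity "$demo_dir" asa-mgmt.corp.example 192.0.2.10 lab-only &&
  san_of "$demo_dir/asa.crt"
```

The resulting identity certificate and CA certificate are what get imported into the ASA trustpoint; client machines still need the root (and any subordinate) CA in their trust store for the warning to go away.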