
Can I deploy a machine certificate in Firewall?

stephenaldring
Level 1

Hi all,

This is Aldrin Stephen Gomes from Bangladesh. I wanted to use a machine certificate in Firewall. Can I use this in a Cisco firewall? N.B.: I want to use a CA machine certificate, not SSL. If yes, can you guys please tell me how I can do this? Hope someone can help me find a solution!

 

Thank you

Aldrin Stephen Gomes.

3 Replies

@stephenaldring what do you want to use the certificate for, Remote Access VPN, management of the firewall or SSL decryption?

What hardware are you referring to, Cisco ASA or FTD?

Guide for installing certificates on FTD - https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html

Guide for installing certificates on ASA - https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html

 

If you are planning to use the firewall as an internal PKI to issue certificates for your machines, then that is not supported. Although you can configure the firewall to run some basic local PKI server, that would only be for remote VPN users.

Marvin Rhoads
Hall of Fame

There are no processes on FMC that would use a machine certificate.

The most common use for machine certificates in security is for network access control (like ISE) where the machine certificate is presented by an 802.1x supplicant for authentication. However, FMC does not have nor does it support an 802.1x supplicant.

It only supports use of a server certificate to identify itself via the admin GUI (and/or API) and a server+client certificate for pxGrid integration to ISE.
