06-24-2023 09:32 PM
Hi all,
This is Aldrin Stephen Gomes from Bangladesh. I wanted to use a machine certificate in a firewall. Can I use this in a Cisco firewall? N.B.: I want to use a CA machine certificate, not SSL. If yes, can you please tell me how I can do this? I hope someone can help me find a solution!
Thank you
Aldrin Stephen Gomes.
06-25-2023 01:05 AM
@stephenaldring what do you want to use the certificate for, Remote Access VPN, management of the firewall or SSL decryption?
What hardware are you referring to, Cisco ASA or FTD?
Guide for installing certificates on FTD - https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html
Guide for installing certificates on ASA - https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html
06-25-2023 04:35 PM
If you are planning to use the firewall as an internal PKI to issue certificates for your machines, then that is not supported. Although you can configure the firewall to run a basic local PKI server, that would only be for remote VPN users.
06-26-2023 08:06 AM - edited 06-26-2023 08:06 AM
There are no processes on FMC that would use a machine certificate.
The most common use for machine certificates in security is for network access control (like ISE), where the machine certificate is presented by an 802.1x supplicant for authentication. However, FMC does not have, nor does it support, an 802.1x supplicant.
It only supports use of a server certificate to identify itself via the admin GUI (and/or API) and a server+client certificate for pxGrid integration to ISE.