Cisco Identity Certificates

Mokhalil82
Level 4

Hi

I am getting to grips with certificates. So if I have installed, for example, Cisco ASA, Prime, ACS etc., when I try to connect to the server via HTTPS, I usually get a security warning that the server is not trusted. What can I do in terms of setting up a certificate so that it is trusted?

Can I use a self-generated cert for this purpose?

 

Thanks

Accepted Solutions

Marvin Rhoads
Hall of Fame

You can trust self-signed certificates. The process can be a bit laborious. You need to start by making sure your server private key is strong (2048 bits).

Then, when you generate the certificate, the host name and domain name should match the DNS FQDN you will be using. Otherwise most browsers will complain that the certificate Common Name (CN) doesn't match the FQDN even if you trust the certificate.

Finally, you need to download and import the certificate into your client computer's Trusted Root Certificate Store.

You can also use third-party (i.e. public CA) signed certificates that you purchase. Some organizations purchase a wildcard certificate that can be used on any number of internal servers. I did the latter for a Prime Infrastructure server and documented how to in this posting.
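The three checks from the answer above (key size, name match, trust anchor), as an added example that is not part of the original thread or Cisco's tooling. It assumes OpenSSL 1.1.1 or later; the host name `prime.example.internal` is a constructed placeholder, and a PEM file passed with `-CAfile` stands in for the client's Trusted Root store.

```bash
#!/usr/bin/env bash
# Added example: build a self-signed certificate with openssl, then audit it
# against the three conditions in the answer. Host names are placeholders.

# make_selfsigned <fqdn> <dir>: 2048-bit RSA key plus a self-signed certificate
# whose CN is the FQDN. The SAN is set as well (an assumption beyond the post:
# current browsers match the host name against SAN, not CN).
make_selfsigned() {
  local fqdn=$1 dir=$2
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=${fqdn}" -addext "subjectAltName=DNS:${fqdn}" \
    -keyout "${dir}/server.key" -out "${dir}/server.crt" 2>/dev/null
}

# key_bits <cert>: print the public key size in bits.
key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# name_matches <cert> <fqdn>: succeed only if the certificate covers the FQDN.
name_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# trusted_by <cert> <anchors.pem>: succeed if the certificate verifies against
# the given anchors (the stand-in for the client's Trusted Root store).
trusted_by() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# audit_cert <cert> <fqdn> <anchors.pem>: report each check, non-zero on any failure.
audit_cert() {
  local cert=$1 fqdn=$2 anchors=$3 rc=0 bits
  bits=$(key_bits "$cert")
  if [ "${bits:-0}" -ge 2048 ]; then echo "OK   key size ${bits} bits"
  else echo "FAIL key size ${bits:-unknown} bits"; rc=1; fi
  if name_matches "$cert" "$fqdn"; then echo "OK   name matches ${fqdn}"
  else echo "FAIL name does not match ${fqdn}"; rc=1; fi
  if trusted_by "$cert" "$anchors"; then echo "OK   chains to a trusted root"
  else echo "FAIL not in the trusted roots"; rc=1; fi
  return $rc
}

# Demo: the certificate is trusted only because it is itself listed as an anchor.
demo_dir=$(mktemp -d)
make_selfsigned prime.example.internal "$demo_dir" &&
  audit_cert "$demo_dir/server.crt" prime.example.internal "$demo_dir/server.crt"
```

Running `audit_cert` with an anchor file that does not contain the server's certificate reproduces the browser's "not trusted" state even though the key size and name checks pass.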
