FMC 7.7.0 API calls for certificate management

HQuest
Level 1

With 45-day certificates on the horizon, it is time to start looking at automating certificate renewals within the FMC and FTD. While adding certificate objects can be done over API, I found many things seem to be lacking - or I am looking at the wrong spots.

Is it possible to:

1) update the FMC Management SSL certificate (FMC > System > Configuration > HTTPS Certificate)?

2) create new certificate enrollment (FMC > Objects > Object Management > PKI > Cert Enrollment)?

3) Enroll the certificate from #2 on an FTD sensor (FMC > Devices > Certificates)?

4) create new internal certs object (FMC > Objects > Object Management > PKI > Internal Certs)?

5) manage internal certs groups object (FMC > Objects > Object Management > PKI > Internal Cert Groups)?

6) Update certificates on a RAVPN policy (FMC > Devices > VPN > RAVPN Policy > Access Interfaces > SSL Global Identity Certificate / IKEv2 Identity Certificate)?

7) Push a policy to a device (FMC > Deploy)?

I had limited success with some of these - for #1, I was only able to push it via CLI - seems this was deprecated in previous versions. For #2, while I can post a certificate, it never works for the enrollment on #3, so for all intents and purposes, I consider #2 as not successful. And I basically stopped here. Are all of these 7 items possible on previous versions?

1 Reply

I expect it to become much more powerful when ACME support gets implemented in FMC. ASA 9.23(1) already has it.
