
FMC - FTD cert Status "Identity certificate not applicable"

cpaquet
Level 1

See screen shot.

The documentation doesn't say what the meaning is of a device cert with the status of "identity certificate not applicable".

Does anyone know?

Thank you.

3 Replies

The enrollment type explains this.
Manual enrollment can be:
1- CA only
2- CA + ID
3- ID

Here you use manual and click on CA only, and hence you add the CA cert only to the FTD, not CA + ID.

MHM 

@cpaquet in your scenario the "Azure_AD_SAML_cert" enrollment type is manual CA only, which does not require an identity certificate. This "CA only" certificate is a Certificate Authority certificate required for the FTD to trust the Azure certificate for authentication.


An identity (device) certificate would be required when the FTD itself requires a certificate, e.g., for RAVPN, where the identity certificate identifies the FTD to the Secure Client/AnyConnect clients when they connect to the FTD. The identity certificate is usually a certificate signed by a public CA.

@Rob Ingram Thanks Rob: got it. The screen shot is looking at the CA Root cert installed on NGFW1 and not at NGFW1's own identity cert. My bad for not having caught that before. Thanks again for your reply.
