07-28-2024 06:33 AM
See screen shot.
The documentation doesn't say what a Device cert with the status "identity certificate not applicable" means.
Does anyone know?
Thank you.
07-28-2024 06:45 AM
The enrollment type explains this.
Manual enrollment can be:
1- CA only
2- CA + ID
3- ID
Here you used manual and clicked on CA only, and hence you added the CA cert only to the FTD, not CA + ID.
MHM
07-28-2024 08:17 AM
@cpaquet in your scenario the "Azure_AD_SAML_cert" enrollment type is manual CA only, which does not require an identity certificate. This "CA only" certificate is a Certificate Authority certificate required for the FTD to trust the Azure certificate for authentication.
An identity (device) certificate would be required when the FTD itself requires a certificate, e.g., for RAVPN, where the identity certificate identifies the FTD to the Secure Client/AnyConnect clients when they connect to the FTD. The identity certificate is usually a certificate signed by a public CA.
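As an added example (not from this thread or from Cisco's own code), the check below uses the third-party `cryptography` library to tell a CA certificate from an identity certificate by its basicConstraints extension, and reports a trustpoint's status the way the two enrollment shapes above imply: "CA only" holds no identity certificate, so that field is not applicable. The CA name, hostname and both certificates are constructed samples.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

def classify(cert: x509.Certificate) -> str:
    """'CA' for a trust-anchor certificate (what a 'CA only' trustpoint holds),
    'identity' for an end-entity certificate that could identify the FTD itself."""
    try:
        is_ca = cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        is_ca = False  # no basicConstraints: treat as an end-entity certificate
    return "CA" if is_ca else "identity"

def trustpoint_status(ca_cert, identity_cert=None):
    """Mirror the two enrollment shapes from the thread: 'CA only' stores no
    identity certificate, so that field is reported as not applicable."""
    if classify(ca_cert) != "CA":
        return {"ca_cert": "not a CA certificate", "identity_cert": "not applicable"}
    if identity_cert is None:
        return {"ca_cert": "available", "identity_cert": "not applicable"}
    # 'CA + ID': the identity cert must be an end-entity cert issued by this CA
    chained = identity_cert.issuer == ca_cert.subject and classify(identity_cert) == "identity"
    return {"ca_cert": "available", "identity_cert": "available" if chained else "invalid"}

def build_pair(fqdn: str):
    """Constructed sample: a self-signed root CA and a device cert it issues for
    `fqdn` (a hypothetical hostname), standing in for certs exported from an FTD."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    dev_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = datetime.datetime.now(datetime.timezone.utc)
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Root CA")])
    ca_cert = (
        x509.CertificateBuilder()
        .subject_name(ca_name).issuer_name(ca_name)
        .public_key(ca_key.public_key()).serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256())
    )
    dev_cert = (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, fqdn)]))
        .issuer_name(ca_name)
        .public_key(dev_key.public_key()).serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(fqdn)]), critical=False)
        .sign(ca_key, hashes.SHA256())
    )
    return ca_cert, dev_cert
```

To run it against real files, replace `build_pair` with `x509.load_pem_x509_certificate` on the exported CA and device certificates.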
08-02-2024 03:46 AM
@Rob Ingram Thanks Rob: got it. The screen shot is looking at the CA Root cert installed on NGFW1 and not at NGFW1's own identity cert. My bad for not having caught that before. Thanks again for your reply.