Multiple SSL certificate on ASA or Router

mrmozaffari
Level 1

Hi everyone,

Is this possible to install multiple SSL certificate on Router or ASA?

I have two subdomains, exchange.xyz.com and dialin.xyz.com, and I have one certificate for both, but for Lync.abc.com I have another SSL certificate. As an example, the exchange.xyz.com and dialin.xyz.com IP address is a.b.c.55

and Lync.abc.com is abc.60

Please Advise.

9 Replies

Julio Carvajal
VIP Alumni

Hello,

You can have more than one SSL certificate on your ASA, but at the time of applying it to an interface you can just use one.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

How about the Router?

And please tell me what you mean by "at the time"?

If it means you can only assign one certificate to your interface, why is it possible to have more than one certificate in your firewall?

Regards,

And please tell me what you mean by "at the time"?

If it means you can only assign one certificate to your interface, why is it possible to have more than one certificate in your firewall?

It means that you can have only one certificate on each interface.

Same thing on the routers: one certificate/trustpoint per interface.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio, is it possible to have the same SSL certificate for two different interfaces (In my case on Cisco ASA 9.14)? I don't want to affect connected VPN users, so I'm afraid to change the configuration.

This is the relevant part of the configuration.

ssl trust-point Certificate_Trustpoint_Name outside
webvpn
 enable outside
 enable visitors
 http-headers
  hsts-server
   enable
   max-age 31536000
   include-sub-domains
   no preload
  hsts-client
   enable
  x-content-type-options
  x-xss-protection
  content-security-policy
 anyconnect image disk0:/anyconnect-win-4.5.03040-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-macos-4.5.03040-webdeploy-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux64-4.5.03040-webdeploy-k9.pkg 3
 anyconnect enable
 cache
  disable

When I'm connecting to "outside" everything is going right. But when I'm trying to connect to "visitors", I'm getting an ASA temporary self-signed certificate.

Thank you for your reply, and I apologize for my English.

I was trying to change the config at night.
It is possible to use the same SSL trustpoint on different interfaces.
I was afraid that the originally entered command (for the outside interface) would be overwritten.

ASA-HQ# sh run | i ssl trust
ssl trust-point CERTIFICATE_NAME_24032021 outside
ssl trust-point CERTIFICATE_NAME_24032021 visitors
ASA-HQ# sh crypto ssl
Accept connections using SSLv3 or greater and negotiate to TLSv1.2 or greater
Start connections using TLSv1.2 and negotiate to TLSv1.2 or greater
SSL DH Group: group24 (2048-bit modulus, 256-bit prime order subgroup, FIPS) (DEPRECATED)
SSL ECDH Group: group19 (256-bit EC)

SSL trust-points:
Self-signed (RSA 2048 bits RSA-SHA256) certificate available
Self-signed (EC 256 bits ecdsa-with-SHA256) certificate available
Interface outside: CERTIFICATE_NAME_24032021 (RSA 4096 bits RSA-SHA256)
Interface visitors: CERTIFICATE_NAME_24032021 (RSA 4096 bits RSA-SHA256)
Certificate authentication is not enabled
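The symptom described above (a trust-point bound to "outside" only, so the "visitors" interface falls back to the ASA's temporary self-signed certificate) can be caught before users see it by auditing the running config. The following is an added example, not code from the thread or from Cisco: it parses a constructed config snippet modelled on the one posted above and lists every WebVPN-enabled interface that has no `ssl trust-point` binding. It assumes the `show running-config` convention of one-space indentation for sub-commands.

```python
import re

# Constructed sample modelled on the config posted in the thread: WebVPN is
# enabled on two interfaces, but a trust-point is bound to only one of them.
SAMPLE_CONFIG = """\
ssl trust-point Certificate_Trustpoint_Name outside
webvpn
 enable outside
 enable visitors
 anyconnect enable
"""

TRUSTPOINT_RE = re.compile(r"^\s*ssl trust-point (\S+) (\S+)\s*$")
WEBVPN_ENABLE_RE = re.compile(r"^\s*enable (\S+)\s*$")


def parse_ssl_trustpoints(config: str) -> dict[str, str]:
    """Map interface name -> trust-point name from 'ssl trust-point' lines."""
    bound = {}
    for line in config.splitlines():
        m = TRUSTPOINT_RE.match(line)
        if m:
            bound[m.group(2)] = m.group(1)
    return bound


def parse_webvpn_interfaces(config: str) -> set[str]:
    """Collect interfaces named by 'enable <intf>' inside the webvpn block."""
    interfaces = set()
    in_webvpn = False
    for line in config.splitlines():
        if line.strip() == "webvpn":
            in_webvpn = True
            continue
        if in_webvpn and line and not line[0].isspace():
            in_webvpn = False  # a non-indented line ends the webvpn block
        if in_webvpn:
            m = WEBVPN_ENABLE_RE.match(line)
            if m:
                interfaces.add(m.group(1))
    return interfaces


def interfaces_without_trustpoint(config: str) -> list[str]:
    """WebVPN interfaces with no trust-point: the ASA serves its
    temporary self-signed certificate on these."""
    bound = parse_ssl_trustpoints(config)
    return sorted(parse_webvpn_interfaces(config) - set(bound))


if __name__ == "__main__":
    print(interfaces_without_trustpoint(SAMPLE_CONFIG))  # ['visitors']
```

Adding `ssl trust-point <name> visitors`, as the poster did, empties the result list.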

The discussion you are replying to is from 2013.

Please start a new discussion and present your use case for a better understanding of what you want to do.

It isn't needed. As I mentioned in the previous reply, I was trying to change the config at night (outside production hours), and my question was answered by this successful change.

Thank you. 

As mentioned by Julio, you can only have one SSL trustpoint per interface.

However, you can have multiple SSL certificates on each device, maybe for certificate authentication purposes; you do not apply these certificates to an interface, though.

You could have more than one domain on the ASA, just set up a VPN load-balancing cluster.

ASA VPN Load Balancing/Clustering with Digital Certificates Deployment Guide

So you have one certificate applied to the outside interface and one applied to the VPN cluster.

HTH.

Portu.

OK, thanks for the replies,

Guys, please forget the ASA; now I'm asking about the Router.

I want to have my certificate on my router, not for VPN purposes.

I want to publish my Exchange and Lync servers on my router; they have different IP addresses and different FQDNs.

I need to use two IP addresses on the same interface (IP secondary).

And I'm going to assign private IP addresses to both servers and NAT them on the Cisco Router.

So users on the internet use these links: https://RouterIPaddress1 and https://RouterIPaddress2

What now?
