Is it possible to install multiple SSL certificates on a router or ASA?
I have two subdomains, exchange.xyz.com and dialin.xyz.com, and there is one certificate for both, but for Lync.abc.com I have another SSL certificate. As an example, the IP address of exchange.xyz.com and dialin.xyz.com is a.b.c.55
and that of Lync.abc.com is abc.60.
How about a router?
And please tell me what you mean by "at the time"?
If it means you can only assign one certificate to your interface, why is it possible to have more than one certificate in your firewall?
Julio, is it possible to have the same SSL certificate for two different interfaces (in my case on Cisco ASA 9.14)? I don't want to affect connected VPN users, so I'm afraid to change the configuration.
This is the relevant part of the configuration.
ssl trust-point Certificate_Trustpoint_Name outside
anyconnect image disk0:/anyconnect-win-4.5.03040-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-macos-4.5.03040-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-linux64-4.5.03040-webdeploy-k9.pkg 3
When I'm connecting to "outside", everything is going right. But when I'm trying to connect to "visitors", I'm getting an ASA temporary self-signed certificate.
Thank you for your reply and I apologize for my English.
I tried to change the config at night.
It is possible to use the same SSL trustpoint on different interfaces.
I was afraid that the originally entered command (for interface outside) would be overwritten.
ASA-HQ# sh run | i ssl trust
ssl trust-point CERTIFICATE_NAME_24032021 outside
ssl trust-point CERTIFICATE_NAME_24032021 visitors
ASA-HQ# sh crypto ssl
Accept connections using SSLv3 or greater and negotiate to TLSv1.2 or greater
Start connections using TLSv1.2 and negotiate to TLSv1.2 or greater
SSL DH Group: group24 (2048-bit modulus, 256-bit prime order subgroup, FIPS) (DEPRECATED)
SSL ECDH Group: group19 (256-bit EC)
Self-signed (RSA 2048 bits RSA-SHA256) certificate available
Self-signed (EC 256 bits ecdsa-with-SHA256) certificate available
Interface outside: CERTIFICATE_NAME_24032021 (RSA 4096 bits RSA-SHA256)
Interface visitors: CERTIFICATE_NAME_24032021 (RSA 4096 bits RSA-SHA256)
Certificate authentication is not enabled
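The check behind the exchange above, as an added example that is not part of any post in the thread: it resolves which trustpoint each interface presents from the `ssl trust-point` lines of a running config and lists the interfaces left on the ASA-generated self-signed certificate. The config samples are constructed from the lines quoted in the thread, the interface list is supplied by hand, and the handling of entries without an interface (fallback) and of `domain` entries is an assumption about the command's syntax.

```python
# Constructed samples: the config quoted in the question and the one after the fix.
BEFORE = "ssl trust-point Certificate_Trustpoint_Name outside\n"
AFTER = (
    "ssl trust-point CERTIFICATE_NAME_24032021 outside\n"
    "ssl trust-point CERTIFICATE_NAME_24032021 visitors\n"
)


def effective_trustpoints(config, interfaces):
    """Map each interface name to the trustpoint it presents, or None."""
    per_interface, fallback = {}, None
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["ssl", "trust-point"] or len(tokens) < 3:
            continue
        name, rest = tokens[2], tokens[3:]
        if not rest:
            fallback = name              # no interface named: used by the rest
        elif rest[0] == "domain":
            continue                     # domain-mapped entry, not an interface binding
        else:
            per_interface[rest[0]] = name  # one trustpoint per interface
    return {ifc: per_interface.get(ifc, fallback) for ifc in interfaces}


def uncovered(config, interfaces):
    """Interfaces with no trustpoint, i.e. serving the temporary self-signed cert."""
    resolved = effective_trustpoints(config, interfaces)
    return sorted(ifc for ifc, tp in resolved.items() if tp is None)


if __name__ == "__main__":
    names = ["outside", "visitors"]      # nameif values taken from the thread
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_trustpoints(cfg, names), "uncovered:", uncovered(cfg, names))
```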
As mentioned by Julio, you can only have one ssl trustpoint per interface.
However, you can have multiple SSL certificates on each device, maybe for certificate authentication purposes; you do not apply these certificates to an interface, though.
You could have more than one domain on the ASA, just set up a VPN load-balancing cluster.
So you have one certificate applied to the outside interface and one applied to the VPN cluster.
OK, thanks for the replies.
Guys, please forget the ASA; now I'm asking about the router.
I want to have my certificate on my router, not for VPN purposes.
I want to publish my Exchange and Lync servers on my router, and they have different IP addresses and different FQDNs.
I need to use two IP addresses on the same interface (IP secondary).
And I'm going to assign private IP addresses to both servers and NAT them on the Cisco router.