Beginner

PKI _SSL Certificate_ASA Firewalls_Private Key Information

I recently uploaded an SSL certificate (wildcard) issued by DigiCert on an ASA firewall. I got one SSL certificate, an intermediate CA and a trusted root certificate.

As far as I know, for an SSL certificate to function, the server (in this case the ASA) needs a private key to decrypt the data sent by the client (my laptop, for example).

But when I uploaded the SSL certificate onto the ASA firewall, I didn't specify any private key except the passphrase while importing it on the ASA.

When the browser hits the "https://ASA IP" address, the browser is given the SSL certificate, which contains the public key. The browser now encrypts the cipher information and symmetric key with the public key available in the SSL certificate and sends it back to the ASA firewall IP.

How can the ASA firewall decrypt the message sent by the browser when I never entered the private key? Am I missing any point?

Hall of Fame Guru

Re: PKI _SSL Certificate_ASA Firewalls_Private Key Information

If the ASA certificate chain was given to you with a passphrase, that generally indicates the associated key is included in the bundle. When you installed it, the ASA saved it along with everything else.

Both the key and certificate are each just a couple hundred bytes so it's easy enough to bundle them together in a passphrase-protected file.

Beginner

Re: PKI _SSL Certificate_ASA Firewalls_Private Key Information

If that's the case, the CA should know the private key as well, right? With the normal process, the certificate signing request won't contain the private key.

I didn't create a CSR, so I am confused.

Hall of Fame Guru (accepted solution)

Re: PKI _SSL Certificate_ASA Firewalls_Private Key Information

It depends. Some CAs allow the CSR generation using their tools. In those cases, the private key is retained for use cases just such as yours - to later distribute along with the certificate.
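
The replies above say a passphrase-protected bundle normally carries the private key; this can be checked on a workstation before importing the file anywhere. The script below is an added example, not part of the thread. It assumes the bundle is a PKCS#12 file and that OpenSSL is installed; the function names, file names, subject and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a passphrase-protected PKCS#12 bundle contain a private
# key, and does that key belong to the first certificate in the bundle?
SAMPLE_PASS='constructed-passphrase'   # constructed sample value

# usage: p12_key_status FILE PASSPHRASE  -> prints one status word
p12_key_status() (
  # Public key of the first certificate in the bundle (empty if unreadable).
  cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
             openssl x509 -noout -pubkey 2>/dev/null) || true
  # Public half derived from the private key in the bundle (empty if no key).
  key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
            openssl pkey -pubout 2>/dev/null) || true
  if [ -z "$cert_pub" ]; then echo "unreadable-or-no-certificate"
  elif [ -z "$key_pub" ]; then echo "no-private-key"
  elif [ "$cert_pub" = "$key_pub" ]; then echo "key-matches-certificate"
  else echo "key-mismatch"
  fi
)

# usage: make_samples DIR  -> writes two constructed bundles for the demo
make_samples() {
  # Self-signed wildcard certificate and key, standing in for a CA-issued pair.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.com" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  # Bundle with certificate and private key, protected by the passphrase.
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -passout "pass:$SAMPLE_PASS" -out "$1/with-key.p12"
  # Bundle with the certificate only.
  openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
    -passout "pass:$SAMPLE_PASS" -out "$1/cert-only.p12"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in with-key.p12 cert-only.p12; do
  printf '%s: %s\n' "$f" "$(p12_key_status "$demo_dir/$f" "$SAMPLE_PASS")"
done
rm -rf "$demo_dir"
```

A result of `key-matches-certificate` means whoever produced the bundle held the private key at some point, which is the situation the poster's follow-up question is about.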