I recently uploaded an SSL certificate (wildcard) issued by DigiCert on an ASA Firewall. I got one SSL certificate, an Intermediate CA and a TrustedRoot certificate.
As far as I know, for an SSL certificate to function, the server (in this case the ASA) needs a private key to decrypt the data sent by the client (my laptop, for example).
But when I uploaded the SSL certificate onto the ASA Firewall, I didn't say any private key except the passphrase while importing it on the ASA.
When the browser hits the "https://ASA IP" address, the browser would be given the SSL certificate, which contains the public key. The browser now encrypts the ciphers information and symmetric key with the public key available in the SSL certificate and sends it back to the ASA FW IP.
How can the ASA Firewall decrypt the message sent by the browser, as I had never entered the private key? Am I missing any point?
If the ASA certificate chain was given to you with a passphrase, that generally indicates the associated key is included in the bundle. When you installed it, the ASA saved it along with everything else.
Both the key and certificate are each just a couple hundred bytes so it's easy enough to bundle them together in a passphrase-protected file.
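A way to check what the answer above describes, added here as an example and not part of the original thread. It assumes the passphrase-protected file is a PKCS#12 bundle (the thread does not name the format) and that the `openssl` CLI is installed; the subject name, file names and passphrase are constructed.

```shell
#!/usr/bin/env bash
# Added example. The subject name, file names and passphrase are constructed.
set -eu

# make_bundles DIR PASS: throwaway key + self-signed cert, then two PKCS#12
# files: bundle.p12 (cert + key) and certonly.p12 (cert only).
make_bundles() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -passout "pass:$2" -out "$1/bundle.p12"
  openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
    -passout "pass:$2" -out "$1/certonly.p12"
}

# bundle_has_key FILE PASS: succeeds if the bundle carries a private key.
bundle_has_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

# key_matches_cert FILE PASS: succeeds if the bundled key and the leaf
# certificate have the same public key (compared by SHA-256 digest).
key_matches_cert() {
  k=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null | openssl sha256)
  c=$(openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
        openssl x509 -pubkey -noout 2>/dev/null | openssl sha256)
  bundle_has_key "$1" "$2" && [ "$k" = "$c" ]
}

# Report on both constructed bundles.
demo() {
  d=$(mktemp -d); make_bundles "$d" 'constructed-pass'
  for f in bundle.p12 certonly.p12; do
    if key_matches_cert "$d/$f" 'constructed-pass'; then
      echo "$f: private key present and matches the certificate"
    else
      echo "$f: no matching private key inside"
    fi
  done
  rm -rf "$d"
}
demo
```

Pointing `bundle_has_key` and `key_matches_cert` at the file received from the issuer, before importing it, shows whether a private key travelled with the certificate.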
If that's the case, the CA should know the private key as well, right? With the normal process, the Certificate Signing Request won't contain the private key.
I didn't create a CSR. So, I am confused.