
PKI _SSL Certificate_ASA Firewalls_Private Key Information

NDP
Level 1

I recently uploaded an SSL certificate (wildcard) issued by DigiCert on an ASA Firewall. I got one SSL certificate, an Intermediate CA and a TrustedRoot certificate.

As far as I know, for an SSL certificate to function, the server (in this case the ASA) needs a private key to decrypt the data sent by the client (my laptop, for example).

But when I uploaded the SSL certificate onto the ASA Firewall, I didn't say any private key except the passphrase while importing it on the ASA.

When the browser hits the "https://ASA IP" address, the browser would be given the SSL certificate, which contains the public key. The browser now encrypts the cipher information and symmetric key with the public key available in the SSL certificate and sends it back to the ASA FW IP.

How can the ASA Firewall decrypt the message sent by the browser, as I never entered the private key? Am I missing any point?


Marvin Rhoads
Hall of Fame

If the ASA certificate chain was given to you with a passphrase, that generally indicates the associated key is included in the bundle. When you installed it, the ASA saved it along with everything else.

Both the key and certificate are each just a couple hundred bytes so it's easy enough to bundle them together in a passphrase-protected file.

If that's the case, the CA should know the private key as well, right? With the normal process, the certificate signing request won't contain the private key.

I didn't create the CSR. So, I am confused.

It depends. Some CAs allow the CSR generation using their tools. In those cases, the private key is retained for use cases just such as yours - to later distribute along with the certificate.
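
Added example, not part of the thread: a way to check on a workstation whether a passphrase-protected certificate file carries a private key and whether that key belongs to the certificate. It assumes the file is a PKCS#12 bundle (the thread does not name the format); the key, certificate, passphrase and file names below are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: all files are generated in a temp dir, nothing comes from the thread.
set -eu
PASS='demo-passphrase'            # constructed passphrase
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT

# Throwaway key + self-signed wildcard cert, bundled the way a CA-side tool
# would when it generated the key pair on the requester's behalf.
make_demo_bundle() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.test' \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -passout "pass:$PASS" -out "$1/bundle.p12"
  # Certificates only: what you get back when the CSR was created on the device.
  openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
    -passout "pass:$PASS" -out "$1/certonly.p12"
}

# Prints "yes" if the bundle holds a private key; "no" if it does not
# or if the passphrase is wrong (the bundle cannot be opened).
bundle_has_key() {
  if openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
       | grep -q 'PRIVATE KEY'; then echo yes; else echo no; fi
}

# Prints "match" if the bundled key is the one named in the bundled leaf cert.
key_matches_cert() {
  cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
             | openssl x509 -noout -pubkey 2>/dev/null || true)
  key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
            | openssl pkey -pubout 2>/dev/null || true)
  if [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
    echo match
  else
    echo mismatch
  fi
}

make_demo_bundle "$tmp"
echo "key in bundle.p12:    $(bundle_has_key "$tmp/bundle.p12" "$PASS")"
echo "key in certonly.p12:  $(bundle_has_key "$tmp/certonly.p12" "$PASS")"
echo "key matches the cert: $(key_matches_cert "$tmp/bundle.p12" "$PASS")"
```

A "yes" on a file received from a CA means the key pair was generated outside the device, so every system that handled that file has held the private key.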
