12-27-2012 07:23 AM - edited 03-11-2019 05:41 PM
Hi Everyone,
I read that the ASA has permanent and temporary self-assigned certificates. I need to know why we use certificates in the ASA?
What's their need?
Thanks
Mahesh
12-27-2012 08:28 AM
Hello Mahesh,
Those certificates that are self-generated every single time the ASA boots are used when trying to connect via ASDM to the ASA (SSL).
You could also use it for VPN purposes (remote access IPSec, SSL VPN).
Hope this helps,
Julio
12-27-2012 08:51 AM
Hi Julio,
Thanks for the reply.
So for remote access VPN, every time a user connects, the ASA will generate a new certificate for each user?
Or will there be a single certificate for every user?
Also, the user PC also needs a certificate for secure VPN, right?
Thanks
Mahesh
12-27-2012 09:01 AM
Hello Mahesh,
No, for VPN you need to determine first if you are going to use a pre-shared key or the PKI (public key infrastructure using certificates).
The certificate gets created when the ASA boots, or you could even import a certificate from a certificate authority and then use it for VPN, but it will be the same one every single time you connect.
Regards,
Julio
12-28-2012 09:44 AM
Hi Julio,
For remote VPN users, you mean that the user PC can import the certificate from the CA and it will be the same every time you connect, right?
Also, will all the users have the same certificate when they connect to VPN using the remote VPN client?
Thanks
Mahesh
12-28-2012 09:55 AM
For remote VPN users, you mean that the user PC can import the certificate from the CA and it will be the same every time you connect, right?
Exactly, the PCs enroll to the CA and get their own certificate signed by the CA, and they will use it (every single time they connect until it expires, and then they will need to enroll one more time).
Also, will all the users have the same certificate when they connect to VPN using the remote VPN client?
No, each of them will have their own public and private key (but all of them will be signed by the same CA).
If you have any other query, just let me know.
Remember to rate all of the helpful posts.
Regards,
Julio
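The per-user enrollment described in the answer above, as an added example that is not part of the original thread: a throwaway lab CA signs certificates for two users, and the checks show that each user has a distinct key pair while both certificates share one issuer. The CA name, user names and the `asa-selfsigned` certificate are constructed for illustration; the script uses the `openssl` command-line tool rather than an ASA.

```shell
#!/bin/sh
# Constructed lab PKI: one CA, two VPN users, one self-signed device cert.
# All names and files here are made up for the demonstration.
set -eu
WORK="$(mktemp -d)"

# Create the lab CA (self-signed root).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab VPN CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# enroll_user NAME: the user generates its own key pair and CSR, the CA signs it.
enroll_user() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 7 -CAcreateserial \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_self_signed NAME: a certificate signed by its own key, not by the CA.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# SHA-256 of the public key embedded in a certificate.
pubkey_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

issuer_of() { openssl x509 -in "$1" -noout -issuer; }

# Succeeds only if the certificate validates against the lab CA.
chains_to_ca() {
  openssl verify -CAfile "$WORK/ca.crt" "$1" 2>/dev/null | grep -q ': OK$'
}

make_ca
enroll_user alice
enroll_user bob
make_self_signed asa-selfsigned

for c in alice bob asa-selfsigned; do
  if chains_to_ca "$WORK/$c.crt"; then trust="trusted by CA"; else trust="NOT trusted by CA"; fi
  echo "$c: $(issuer_of "$WORK/$c.crt") key=$(pubkey_hash "$WORK/$c.crt") ($trust)"
done
```

The self-signed certificate fails validation against the CA because nothing but its own key vouches for it, while both user certificates validate with different public keys.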
12-28-2012 10:01 AM
Hi Julio,
Many thanks for all your answers.
Best regards
Mahesh