cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
289
Views
4
Helpful
3
Replies

SSL VPN Cert Install via FMC

davparker
Level 1
Level 1

When creating a third party SSL cert for VPN using FMC 7x do you use the Intermediate or Root certificate for the CA?

Thanks, David

3 Replies 3

When creating a third-party SSL certificate for VPN using FMC 7x, you will need the Intermediate certificate from the Certificate Authority (CA) in addition to your server certificate.

Root Certificate: The root certificate is the highest level of trust in the certificate chain. Most devices already have a list of trusted root certificates pre-installed. FMC doesn't need the root certificate itself for verification purposes.

Intermediate Certificate: CAs often issue intermediate certificates to delegate signing authority. These certificates act as a bridge between the root certificate (highly trusted) and the server certificate (issued for your specific VPN). FMC needs the intermediate certificate to establish a complete chain of trust and validate the authenticity of your server certificate signed by the CA.

Importing Certificates:

During the FMC configuration process, you'll typically import two certificates:

-Server Certificate: This is the certificate issued by the CA specifically for your VPN server.

-Intermediate Certificate: This is the certificate from the CA that validates the server certificate.

By importing both certificates, FMC can verify the complete chain of trust and ensure secure communication for your VPN.

For more information Here and Here 

please do not forget to rate.

davparker
Level 1
Level 1

Thanks, In Objects, PKI, I added a Cert Enrollment using the Intermediate cert. I used Enrollment Type Manual, copying and pasting the Intermediate Certificate into the CA Certificate field. In the Certificate Parameters, I configured your standard info used in the csr creation. Then, in Devices | Certificates I added a new cert selecting the Device and the Cert Enrollment. Then clicked on ID to generate the csr. After generating the Identity Cert I completed the process. Worked!

Review Cisco Networking for a $25 gift card