
Using an ASA 5505 as a Certificate Authority and Distribution Point?

zibazadek
Level 1

I had a question about the limitations of an ASA 5505 and using it as a CA. The setup would be as follows:

2 ASA 5520s set up for high-availability failover.

1 ASA set up with a local CA server.

If I had to set up a VPN to connect to an interface on the ASA 5520s and wanted to require certificates as a secondary authentication, could they use an ASA 5505 as a CA to retrieve and verify stored certificates? The issue I ran into was not being able to set up a local CA server on the failover pair, and I was hoping to use an ASA 5505 with a local CA server to act as a distribution point. I have been researching various configurations similar to this but have not found definitive information if it is even possible.

If someone could verify if this is even possible and / or point me in the right direction it would be greatly appreciated.

Thank you,

Rick

1 Reply

You can only create self-signed certificates using the ASA, or import an identity certificate from a 3rd party CA. The ASA unfortunately can only issue user certificates to users or PCs via downloading from a website; they cannot complete CSR requests.

--
Please remember to select a correct answer and rate helpful posts