
What is the relation between a CA certificate and an identity certificate?

eigrpy
Level 4

Hi. When I try to configure the ASA through ASDM, there are CA certificates and identity certificates in ASDM. Please see the picture in the attachment. Can anyone explain the difference and relation between a CA certificate and an identity certificate? Thank you.

4 Replies

Dinesh Moudgil
Cisco Employee

CA certificates are those certificates which have enough privileges to authenticate an entity, whereas identity certificates are those certificates which define your identity/uniqueness.

For example, if you get a certificate from GoDaddy, then the certificate that you received displays your identity and is unique in nature; thus it is called an identity certificate.

However, if you open that certificate and look at the certification authority that provided you the certificate, that will be your CA certificate.

In essence, normally you will have an identity certificate, and if you wish to add popular 3rd-party CA authorities, then you will need to upload that certificate in the "CA Certificate" section rather than "Identity Certificates".

 

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.
 

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Thank you so much for your reply. It is a very good explanation.

In ASDM, we can add a certificate from Identity Certificate and from CA Certificate. So, in what situation do we add a certificate from "Identity Certificate"?

If you get a certificate from a CA that is given to "vpn.xyz.com", since this defines the ASA's identity, you need to add that in "Identity Certificate".
I.e., add the certificates that you requested from the CA in the "Identity Certificate" section.

Example: you have a certificate:
Issued to: abc.cisco.com
Issued by: Verisign (hypothetically)

If you open this certificate, you will see the CA certificate, which will have
Issued to: Verisign
Issued by: Verisign
This is the CA certificate. You need to add the former in the ID section and the latter in the CA section.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
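
The "Issued to" / "Issued by" distinction from the answer above, reproduced with OpenSSL as an added example that is not part of the original thread. The CA name "Example Root CA" and the function names are hypothetical, the certificates are constructed throwaway test data, and choosing the ASDM section from the Basic Constraints CA flag is this example's assumption, not ASDM's own logic.

```shell
# Added example: constructed throwaway PKI, not certificates from the thread.
make_demo_pki() {   # usage: make_demo_pki DIR
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_id]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:vpn.xyz.com
EOF
    # CA certificate: self-signed, so "Issued to" and "Issued by" match.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/pki.cnf" \
        -extensions v3_ca -subj "/CN=Example Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    # Identity certificate: the device's request, signed by that CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=vpn.xyz.com" -keyout "$d/id.key" -out "$d/id.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/id.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/pki.cnf" -extensions v3_id \
        -out "$d/id.crt" 2>/dev/null
}

# Print the ASDM section a certificate belongs in, by its Basic Constraints.
asdm_section() {
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo "CA Certificates"
    else
        echo "Identity Certificates"
    fi
}

# Succeed when the certificate's subject equals its issuer.
issued_by_self() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253)
    [ "${s#subject=}" = "${i#issuer=}" ]
}

demo=$(mktemp -d) && make_demo_pki "$demo"
for c in ca.crt id.crt; do
    printf '%s -> %s\n' "$c" "$(asdm_section "$demo/$c")"
done
openssl verify -CAfile "$demo/ca.crt" "$demo/id.crt"
```

An intermediate CA certificate is not self-issued but still carries CA:TRUE, which is why `asdm_section` checks Basic Constraints instead of comparing the two names.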

Excellent. Thank you.
