cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

(Podcast) Using Certificates on the ASA and IOS platforms

4947
Views
5
Helpful
2
Comments
Community Manager

Have you had an opportunity to catch the latest Podcast from TAC security?

The Cisco TAC Security Podcast Series is  created by Cisco TAC engineers.  Each episode provides an in-depth  technical discussion of Cisco product security features, with emphasis  on troubleshooting.

Find them all at http://www.cisco.com/en/US/solutions/ns170/tac/security_tac_podcasts.html


TAC Security Show Podcasts

Episode 15:Using Certificates on the ASA and IOS platforms

Speakers: Jay Johnston, Magnus Mortensen, David White Jr., Blayne Dreier, Jay Young-Taylor

This episode is all about digital  certificates and how they can be used on the ASA and IOS platforms. The  discussion starts with the basic concepts behind certificates and PKI,  as well as the motivations for using certificate authentication. The  discussion continues with best practices (such as backing up keypairs  and trustpoints) and common customer problems and TAC cases.
Listen Now (MP3 - 23.9 MB; 33:09 mins)
http://www.cisco.com/en/US/solutions/ns170/tac/episode15_notes.html

SHOW NOTES:

Using certificates on the ASA platform (ASA 8.3 CLI guide)

3rd party vendor digital certificate on the ASA:

ASA and IOS Certificate Backup and Installation - Trustpoints

Cisco IOS Certificate Server Configuration

How to obtain a Digital Certificate from a Microsoft Windows CA using ASDM on an ASA

2 Comments
Beginner

Hi everyone,

I have a question regarding this topic. How can I include an Alternative Name (SAN) in an ASA's Certificate Signing Request?

Beginner

Well this is not possible because of the following bug--

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCso70867

As per the workaround is--

Workaround:

The workaround would be to use OpenSSL to generate CSR and keys. Once the certificate is received from CA, it should be combined with the key in OpenSSL to create pkcs12 file. After the file is created, it should be imported into ASA.

Hope that answers your query.

Thanks