ASA Local CA certificate enrollment invitation

taroyamada9999
Level 1

Hi,

I have been looking for the answer for a while.....

My ASA is version 8.2.1

I am planning to use the ASA local CA to distribute certificates for SSL VPN users.

After I create a user and email the OTP, the user gets an e-mail like the one below.

(The following example is found at http://www.cisco.com/japanese/warp/public/3/jp/service/manual_j/sec/asa/caclcg4/chapter39/12172_01_39.shtml)

----------------------------------------------------------------------------------------------------------------------------------------

Date: 12/22/06

To: wuser6@wuser.com

From: Wuseradmin

Subject: Certificate Enrollment Invitation

You have been granted access to enroll for a certificate.

The credentials below can be used to obtain your certificate.

Username: wuser6@wuser.com
One-time Password: C93BBB733CD80C74

Enrollment is allowed until: 15:54:31 UTC Thu Dec 27 2006

NOTE: The one-time password is also used as the passphrase to unlock the certificate file.

Please visit the following site to obtain your certificate:

https://wu5520-FO.frdevtestad.local/+CSCOCA+/enroll.html

You may be asked to verify the fingerprint/thumbprint of the CA certificate

during installation of the certificates. The fingerprint/thumbprint should be:

MD5: 76DD1439 AC94FDBC 74A0A89F CB815ACC

SHA1: 58754FFD 9F19F9FD B13B4B02 15B3E4BE B70B5A83

-----------------------------------------------------------------------------------------------------------------------------------

My question is where the hostname (wu5520-FO.frdevtestad.local) in the URL comes from.

I thought it was from the hostname of the ASA, so I changed the hostname of the ASA.

However, the URL did not change.

Any comment would be greatly appreciated.

Thanks,

Taro

3 Replies

taroyamada9999
Level 1

As far as the Cisco document says, the hostname of the URL comes from the hostname and domain name configured on the ASA.

My ASA used to have the following hostname and domain name.

hostname: aaa

domain name: sample.com

Currently my ASA has the following hostname and domain name.

hostname: aaa

domain name: sampla.co.jp

I expected the URL to change from aaa.sample.com to aaa.sample.co.jp, but the URL stays aaa.sample.com.

Is this something which will change after rebooting the ASA?

Thanks

Taro, did you try resetting the CA server process after changing the FQDN of the ASA? That is what is used by the ASA when sending out the email.

Hello Taro,

Agree with Atri,

I have not dealt with these cases, but it makes sense that you need to reset the CA server, as it's basically using a different configuration set for the FQDN.

As soon as you enable the ASA CA capability the URL will be created based on the FQDN, so as it's up and running it will not change... That's how I see it,

Give it a try and let us know,

I think you can only remove the CA config with

clear config crypto ca server

So be careful,

Regards

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC