04-07-2010 10:49 PM
Hi,
I have been looking for the answer for a while.....
My ASA is version 8.2.1
I am planning to use the ASA local CA to distribute certificates for SSL VPN users.
After I create a user and email OTP, you get the E-mail like below.
(The following example is found at http://www.cisco.com/japanese/warp/public/3/jp/service/manual_j/sec/asa/caclcg4/chapter39/12172_01_39.shtml)
----------------------------------------------------------------------------------------------------------------------------------------
To: wuser6@wuser.com
Subject: Certificate Enrollment Invitation
You have been granted access to enroll for a certificate.
The credentials below can be used to obtain your certificate.
Username: wuser6@wuser.com
One-time Password: C93BBB733CD80C74
Enrollment is allowed until: 15:54:31 UTC Thu Dec 27 2006
NOTE: The one-time password is also used as the passphrase to unlock the certificate file.
Please visit the following site to obtain your certificate:
https://wu5520-FO.frdevtestad.local/+CSCOCA+/enroll.html
You may be asked to verify the fingerprint/thumbprint of the CA certificate
during installation of the certificates. The fingerprint/thumbprint should be:
MD5: 76DD1439 AC94FDBC 74A0A89F CB815ACC
SHA1: 58754FFD 9F19F9FD B13B4B02 15B3E4BE B70B5A83
-----------------------------------------------------------------------------------------------------------------------------------
My question is where the hostname (wu5520-FO.frdevtestad.local) of URL is from.
I thought it is from the hostname of the ASA, so I changed the hostname of the ASA.
However the URL did not change.
Any comment would be greatly appreciated.
Thanks,
Taro
04-11-2010 08:32 PM
As far as the Cisco document says, the hostname of the URL comes from the hostname and domain name configured on the ASA.
My ASA used to have the following hostname and domain name.
hostname: aaa
domain name: sample.com
Currently my ASA has the following hostname and domain name.
hostname: aaa
domain name: sampla.co.jp
I expected the URL to change from aaa.sample.com to aaa.sample.co.jp, but the URL stays aaa.sample.com.
Is this something which will change after rebooting the ASA?
Thanks
05-24-2013 02:48 PM
Taro, did you try resetting the CA server process after changing the FQDN of the ASA? That is what is used by the ASA when sending out the email.
05-24-2013 03:16 PM
Hello Taro,
Agree with Atri,
I have not dealt with these cases, but it makes sense that you need to reset the CA server, as it's basically using a different configuration set for the FQDN.
As soon as you enable the ASA CA capability the URL will be created based on the FQDN, so as it's up and running it will not change... That's how I see it,
Give it a try and let us know,
I think you can only remove the CA config with
clear config crypto ca server
So be careful,
Regards
Julio