03-28-2017 07:12 PM - edited 02-21-2020 09:13 PM
I think I'm out of luck on this one and I am hoping someone can give me some options here.
I have already purchased multiple single domain certificates for my AnyConnect deployment. The thing is, they are for different domains. I was planning on having these all installed on a few vASAs that I have in Azure. What I didn't know and should have researched is that we can only assign one certificate to an interface at a time. Which means I am not limited to using only one certificate. This is a bit problematic.
First, I want to confirm that this is still the case or if there is some kind of workaround. Second, I'm looking for options to be able to fix this issue. I have an AD server in the environment that could be used if that is helpful.
To sum it up:
I have vpn.domain1.com, vpn.domain2.com and vpn.domain3.com. All now have purchased certificates and all need to connect to the same vASA in Azure.
Ideas?
03-29-2017 08:31 AM
Hi,
This is currently an enhancement.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsk55139/?reffering_site=dumpcr
You can still go for wildcard certificates as a workaround.
Thanks
Shakti
03-29-2017 06:59 PM
Thanks Shakti,
A follow-up question: if I have two ASAv instances, can I use a single wildcard certificate for both?
ASAv-1 - vpnus.somedomain.com
ASAv-2 - vpneu.somedomain.com
Or would I have to purchase two separate certificates, a CSR from each?
03-29-2017 07:36 PM
Hi,
Yes, that should work fine without any issues.
Thanks
Shakti
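An added example, not part of the thread: a small check of which hostnames a wildcard certificate name covers, using RFC 6125-style matching (the wildcard stands for exactly one left-most label). The function names and the `*.domain1.com` entry are assumptions made for illustration; the hostnames are the ones quoted in the posts above.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hostnames):
    """Return the hostnames that no name in the certificate matches."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed inputs based on the names used in the thread.
WILDCARD = ["*.somedomain.com"]
ASAV_HOSTS = ["vpnus.somedomain.com", "vpneu.somedomain.com"]
MULTI_DOMAIN_HOSTS = ["vpn.domain1.com", "vpn.domain2.com", "vpn.domain3.com"]

if __name__ == "__main__":
    # Both ASAv names sit one label below somedomain.com.
    print("two ASAv hosts, not covered:", uncovered(WILDCARD, ASAV_HOSTS))
    # A wildcard for one domain (hypothetical *.domain1.com) leaves the
    # other two domains unmatched.
    print("three domains, not covered:",
          uncovered(["*.domain1.com"], MULTI_DOMAIN_HOSTS))
    # The wildcard does not match the bare domain or a deeper subdomain.
    print("apex:", name_matches("*.somedomain.com", "somedomain.com"))
    print("nested:", name_matches("*.somedomain.com", "a.vpnus.somedomain.com"))
```
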