Anyconnect and certificates - multiple domains

Nathan Farrar
Level 1

I think I'm out of luck on this one and I am hoping someone can give me some options here.

I have already purchased multiple single domain certificates for my AnyConnect deployment. The thing is, they are for different domains. I was planning on having these all installed on a few vASAs that I have in Azure. What I didn't know and should have researched is that we can only assign one certificate to an interface at a time. Which means I am not limited to using only one certificate. This is a bit problematic.

First I want to confirm that this is still the case or if there is some kind of workaround. Second, I'm looking for options to be able to fix this issue. I have an AD server in the environment that could be used if that is helpful.

To sum it up:

I have vpn.domain1.com, vpn.domain2.com and vpn.domain3.com. All now have purchased certificates and all need to connect to the same vASA in Azure. 

Ideas?

Accepted Solutions

Shakti Kumar
Cisco Employee

Hi, 

This is currently an enhancement.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsk55139/?reffering_site=dumpcr

You can still go for wildcard certificates as a workaround.

Thanks

Shakti 

Thanks Shakti,

A follow-up question. If I have two ASAv instances, can I use a single wildcard certificate for both?

ASAv-1 - vpnus.somedomain.com

ASAv-2 - vpneu.somedomain.com

Or would I have to purchase two separate certificates, a CSR from each?

Hi,

Yes, that should work fine without any issues.

Thanks

Shakti
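
An added example, not part of the thread and not Cisco code: a strict RFC 6125-style check of which of the hostnames mentioned above a certificate's DNS names would cover. The function names and the certificate name lists are constructed for illustration; the matcher deliberately refuses partial wildcards such as `vpn*.example.com`.

```python
def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, host):
    """True if certificate dNSName `pattern` covers `host` (strict RFC 6125 rules)."""
    p, h = _labels(pattern), _labels(host)
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    # A wildcard is only honoured as the complete leftmost label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcard, e.g. "vpn*", is rejected here
    return p == h


def uncovered(hosts, cert_names):
    """Return the hosts that none of the certificate's DNS names cover."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    # Hostnames taken from the thread; certificate name lists are constructed.
    same_domain = ["vpnus.somedomain.com", "vpneu.somedomain.com"]
    three_domains = ["vpn.domain1.com", "vpn.domain2.com", "vpn.domain3.com"]

    print("wildcard on one domain, two ASAv hosts:",
          uncovered(same_domain, ["*.somedomain.com"]) or "all covered")
    print("wildcard on domain1 only, three domains:",
          uncovered(three_domains, ["*.domain1.com"]))
    print("one certificate listing all three names:",
          uncovered(three_domains, three_domains) or "all covered")
```

Run against the names a candidate certificate would carry before purchasing or installing it: anything the function returns would produce a name-mismatch warning in the client.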