ASA Local CA OTP E-mail Enrollment with an IP Address

Michael Wollner · ‎11-23-2010

Hello,

I have configured the local CA Server on a ASA 8.2.2.

I want to use the rollout feature via Email OTP. When I received this email I always see this URL:

https://<ASA HOSTNAME>/+CSOCSA+/enroll.html

My questions:

1. How can I change the Hostname to the IP address of the outside interface?

2. Can i somehow edit the e-mail template directly on the ASA?

I do not want to use a DNS name in the URL.

Thanks in advance

jan.nielsen · ‎11-23-2010

Use a name, you will get certificate errors if you don't use the name of the asa and the cn in its cert is the same.

Michael Wollner · ‎11-24-2010

I don't use a trusted certificate, so I don't care about the errors with the certificate.

Herbert Baerten · ‎11-29-2010

Hi Michael,

as far as I know it is not possible to customize the URL in the email sent by the local CA, i.e. it will always use the ASA's FQDN.

You may want to discuss this with your CAM or SE, they can submit a feature request to make this customizable.

regards

Herbert