Cisco Community
English
Register
Congratulate December's Spotlight Awardees. CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
94
Views
0
Helpful
3
Replies
Highlighted
darreng
Beginner
Beginner
‎01-05-2016 09:14 AM
‎01-05-2016 09:14 AM

Certificate Enrollment

Would someone be kind enough to clarify a minor point for me. If I have an ASA with a FQDN of asa1.mycompany.com and I wish to terminate Anyconnect sessions on it pointing to the DNS entry of sslvpn.mycompany.com. When generating my Identity Cert, does the CN field = the FQDN of the ASA or the VPN etc. I just want to make sure that I generate the certificate request correctly before sending to the CA. Slighly unsure whether it makes a difference. Regards Darren
Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Diego Lopez
Beginner
Beginner
In response to darreng
‎01-05-2016 01:34 PM
‎01-05-2016 01:34 PM

If you find this helpful please rate, thanks! :)

View solution in original post

0 Helpful
Reply
3 REPLIES 3
Highlighted
Diego Lopez
Beginner
Beginner
‎01-05-2016 10:40 AM
‎01-05-2016 10:40 AM

Hello

The CN field should be the VPN domain"sslvpn.mycompany.com".

You can follow this documentation to get the CSR, install the certificate and apply it to the proper interface:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html

0 Helpful
Reply
Highlighted
darreng
Beginner
Beginner
In response to Diego Lopez
‎01-05-2016 11:44 AM
‎01-05-2016 11:44 AM

Thank you for clarifying. 

Regards

Darren

0 Helpful
Reply
Highlighted
Diego Lopez
Beginner
Beginner
In response to darreng
‎01-05-2016 01:34 PM
‎01-05-2016 01:34 PM

If you find this helpful please rate, thanks! :)

View solution in original post

0 Helpful
Reply
Latest Contents
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:48 PM
0
0
0
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:46 PM
0
0
0
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 01-15-2021 06:09 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Serious problem with Object Groups + Access Policies in FMC
Created by mhmservice on 01-15-2021 04:31 AM
0
0
0
0
Hi allI've been having a major problem with Object Groups in FMC access policiesIf I have a pre-existing line in a policy with an Object Group which contains a list of IPs, if I add an additional IP to that object group, then deploy, the traffic is still ... view more
No cts dot1x command in interface configuration mode
Created by tanzhy on 01-14-2021 01:49 AM
3
0
3
0
Anyone know why there are no cts dot1x command in interface configure mode?I  just find cts manual and cts role-based command      Hardware is  C9300-48PSoftware is   Cisco IOS XE Software, Version 16.12.04License i... view more
Content for Community-Ad