FDM SSL Certificate for AnyConnect

Arshad Safrulla
VIP Alumni

Hi, in FDM, if I want to use an SSL certificate for my WAN interface, which is listening for incoming AnyConnect connections, how can I generate a CSR? I have seen some articles that use OpenSSL. So if I generate a CSR by installing OpenSSL on my PC and then get it signed by a public CA, what trusted CA certificate do I have to move to the box? Is it OpenSSL or the public CA?

Also, do I need to enable Enhanced Key Usage, client and server authentication, for the certificates? Any other parameters I am missing?

Firepower 6.5.4, AnyConnect SSL VPN


3 Replies

Hi,
Yes, you can generate the certificate using openssl, then you get the CSR signed by the public CA. Then you need to import the signed identity certificate and the Public CA's Root certificate(s) via FDM.

Client and Server authentication should be fine, you don't need any additional parameters.

HTH

Thanks @Rob Ingram. Any idea whether a SAN certificate will fit in here?

Yes, should do...but same as the ASA, currently you cannot generate a SAN certificate from FTD/FDM. You would have to use openssl to generate the CSR and then import the signed certificate.
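
The CSR step discussed in this thread, as an added example that is not part of any poster's reply: generating a key and a CSR off-box with OpenSSL, requesting a SAN entry plus client and server authentication EKU, then reading the CSR back before it goes to the public CA. The FQDN `vpn.example.com`, the function names and the output file names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): CSR with SAN + EKU for a VPN headend.

# make_vpn_csr FQDN OUTDIR -> writes OUTDIR/vpn.key and OUTDIR/vpn.csr
make_vpn_csr() (
    fqdn=$1; outdir=$2
    umask 077                        # key and working files readable by owner only
    mkdir -p "$outdir" || exit 1
    # Extensions are requested through a config file so this also works on
    # OpenSSL builds that lack the -addext option.
    cat > "$outdir/csr.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $fqdn

[ v3_req ]
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName   = DNS:$fqdn
EOF
    # -nodes leaves the private key unencrypted on disk; it stays on this
    # machine and is never sent to the CA. Only vpn.csr is submitted.
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$outdir/vpn.key" -out "$outdir/vpn.csr" \
        -config "$outdir/csr.cnf" 2>/dev/null
)

# csr_text CSR -> checks the CSR self-signature and prints its decoded contents
csr_text() {
    openssl req -in "$1" -noout -text -verify 2>&1
}

# Stand-alone use: sh make_csr.sh vpn.example.com ./out
if [ "$#" -eq 2 ]; then
    make_vpn_csr "$1" "$2" && csr_text "$2/vpn.csr"
fi
```

The CSR only requests these extensions; the CA decides what ends up in the issued certificate, so inspect the signed certificate for the SAN and EKU values before importing it.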