
FDM SSL Certificate for AnyConnect

Hi, in FDM, if I want to use an SSL certificate for my WAN interface, which is listening for incoming AnyConnect connections, how can I generate a CSR? I have seen some articles that use OpenSSL, so if I generate a CSR by installing OpenSSL on my PC and then get it signed by a public CA, which Trusted CA Certificate do I have to move to the box? Is it OpenSSL or the public CA?

 

Also, do I need to enable Enhanced Key Usage, client and server authentication, for the certificates? Any other parameters I am missing?

 

Firepower 6.5.4, AnyConnect SSL VPN

3 REPLIES 3
VIP Advisor

Re: FDM SSL Certificate for AnyConnect

Hi,
Yes, you can generate the certificate using openssl, then you get the CSR signed by the public CA. Then you need to import the signed identity certificate and the Public CA's Root certificate(s) via FDM.

Client and Server authentication should be fine, you don't need any additional parameters.

HTH
Beginner

Re: FDM SSL Certificate for AnyConnect

Thanks @Rob Ingram. Any idea whether a SAN certificate will fit in here?

VIP Advisor

Re: FDM SSL Certificate for AnyConnect

Yes, should do...but same as the ASA, currently you cannot generate a SAN certificate from FTD/FDM. You would have to use openssl to generate the CSR and then import the signed certificate.

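The OpenSSL route described in the replies above, as an added example that is not part of the original thread: generate a private key and a CSR that requests a subjectAltName and the server/client authentication EKU, then inspect the CSR before sending it to the public CA. The hostname `vpn.example.com`, the subject fields, the output directory and the function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: key + CSR with SAN and EKU, built from an OpenSSL config file.
# vpn.example.com and the subject fields are placeholders; substitute your own.

make_csr() {
    # $1 = FQDN that AnyConnect clients connect to, $2 = output directory
    fqdn=$1; out=$2
    mkdir -p "$out" || return 1
    cat > "$out/csr.cnf" <<EOF
[ req ]
default_bits       = 2048
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
C  = US
O  = Example Org
CN = $fqdn

[ v3_req ]
extendedKeyUsage = serverAuth, clientAuth
subjectAltName   = DNS:$fqdn
EOF
    # umask 077 keeps the unencrypted private key readable by its owner only
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$out/vpn.key" -out "$out/vpn.csr" \
          -config "$out/csr.cnf" )
}

csr_text() {
    # Check the CSR's self-signature and print it in readable form
    openssl req -in "$1" -noout -verify -text
}

csr_matches_key() {
    # The CSR belongs to the key if both yield the same public key
    a=$(openssl req  -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout        | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

make_csr vpn.example.com ./fdm-csr &&
    csr_text ./fdm-csr/vpn.csr | grep -A1 -E 'Alternative Name|Extended Key Usage'
```

The CA decides which extensions end up in the issued certificate, so run the same inspection on the signed certificate (`openssl x509 -in <cert> -noout -text`) before importing it and the CA's root certificate(s) via FDM.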