
Firepower anyconnect certificate

Amills
Level 1

I'm trying to configure AnyConnect and I'm getting hung up on the certificate part. It says I can get a cert from a trusted CA, such as GoDaddy. On the old ASA firewalls I'd generate a CSR and get GoDaddy to sign it, but none of the tutorials on setting up AnyConnect go through the CSR generation steps; they just say, "obtain them from a trusted Certificate Authority".

I'm a bit confused how to go about getting a certificate. 

4 Replies

3. Specify a Name for the trustpoint and under the CA Information tab, select Enrollment Type: Manual. Enter the PEM format certificate of the CA that will be used to sign the Identity Certificate. If this certificate is not available or known at this time, add any CA certificate as a placeholder, and once the identity certificate is issued repeat this step to add the real issuing CA as shown in the image.

What does this mean? I went through the steps and got a CSR, but how do I go back and repeat that step? Does it mean to make a new Certificate and then use the ID cert I just got from GoDaddy and copy and paste that PEM format certificate in?

@Amills 

Looks like you cannot go back to the Cert Enrollment object and add the CA certificate later.

What you could do is create another Cert Enrollment object, select Enrollment Type as Manual, tick the box "CA Only" and paste the CA certificate. Go to Devices > Certificates and deploy this CA Only object to your FTD.