I'm trying to replace site VPN using PSK with certificates. We have an internal CA that I am using.
I found a similar post here, but when I deploy, the FMC shows a deploy error on the head end FTD saying the cert needs to be enrolled.
Is there a document on how to configure site-to-site using FTDs managed by FMC and using certs rather than PSK?
@michael18 yes, you need to enroll the certificates via the FMC to install on the FTD.
Thanks for the info. I've followed the sections Manual Enrolment and Manual Certificate Renewal.
I can see the cert on the remote FTD now via the CLI, but when I change the config to use the cert, the FMC still shows the error when deploying the change.