For FPR 1010 SSL VPN setup, How to generate CSR request for Trusted CA

hiren.bhalala
Level 1

For FPR 1010 SSL VPN setup, How to generate CSR request for Trusted CA


@hiren.bhalala are you using FDM or FMC for management of the FTD?

 

Here is the guide for FMC

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html

 

For FDM just go to Objects > Certificates > Add Internal Certificate to create a self-signed certificate.

 

I'm using FDM. I tried to use an internal certificate. But when I'm connecting to the VPN from the AnyConnect client, it's giving me the certificate error to accept risk. So that's why I'm planning to get an SSL certificate from a trusted CA. And for that, the CA is asking me to create a CSR request from Cisco.

@hiren.bhalala ok understand. There is no option to create a CSR in the FDM, even in version 7.1. You would need to use openssl to generate the CSR and private key, get the CSR signed by the public CA, then import (with the private key).

 

 

  • Login to the CLI of the FTD
  • Type expert to enter expert mode
  • Type openssl genrsa -out FTD.key 2048 to generate a private key
  • Type openssl req -new -key FTD.key -out FTD.csr to create a CSR file

 

I followed all the steps you provided and it worked with the sudo command. Now can you tell me, if possible please, how I can get that CSR file from the firewall?

@hiren.bhalala use scp to copy the csr and private key off

 

scp -r FILENAME username@ipaddress:/

Thanks for your help. I successfully created the CSR request, and I just opened the file using the cat command on the Cisco firewall and then did a copy-paste. Thanks again.
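
The key and CSR steps from the thread, as an added example that is not part of the original posts: it runs the two openssl commands non-interactively, adds a subjectAltName, and checks the CSR's self-signature, key match and key file mode before anything goes to the CA. The host name, subject fields and temporary directory are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the thread. FQDN, subject and directory are
# constructed placeholders; -addext needs OpenSSL 1.1.1 or later.
set -eu
FQDN="vpn.example.com"   # assumed name the AnyConnect clients connect to
SUBJECT="/C=US/O=Example Org/CN=$FQDN"

# Same two openssl steps as the thread, made non-interactive and with a SAN.
make_key_and_csr() {     # $1 = output directory
    ( umask 077          # private key is created owner-readable only
      openssl genrsa -out "$1/FTD.key" 2048 2>/dev/null
      openssl req -new -key "$1/FTD.key" -out "$1/FTD.csr" \
          -subj "$SUBJECT" -addext "subjectAltName=DNS:$FQDN" )
}

# Self-signature check: fails if the CSR was truncated or altered in transit
# (for example by a terminal copy-paste).
csr_is_valid() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# The CSR must carry the public half of the key that will be imported later.
key_matches_csr() {      # $1 = key, $2 = CSR
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl req -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

csr_has_san() {
    openssl req -in "$1" -noout -text | grep -q "DNS:$FQDN"
}

key_is_private() {       # mode must be rw for the owner and nothing else
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

WORK=$(mktemp -d)
make_key_and_csr "$WORK"
if csr_is_valid "$WORK/FTD.csr" && key_matches_csr "$WORK/FTD.key" "$WORK/FTD.csr" \
   && csr_has_san "$WORK/FTD.csr" && key_is_private "$WORK/FTD.key"; then
    echo "CSR OK: send $WORK/FTD.csr to the CA, keep FTD.key private"
else
    echo "CSR check failed" >&2; exit 1
fi
```

Running csr_is_valid again on the copy that reaches the workstation confirms the request survived the transfer intact.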
