FTD Cert Renewal through FMC

S891
Level 2

Hi there,

A few questions here:

What is the easiest way to renew CA cert on FTD through FMC?

Does it require creating new trustpoint etc?

Is it OK to generate the CSR on FMC, or should I use OpenSSL?

Can the .crt format be imported directly, or does it require conversion?

Any other helpful tips or gotchas would be helpful as well.

3 Replies

@S891 no, you don't need to use OpenSSL to renew; you can click the renew button to generate a CSR. Guide here:

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html#anc14

Hi Rob,

Thanks for the reply. I am following the "Manual Certificate Renewal" steps, but instead of the pop-up giving the message "This operation will generate a CSR.." it is giving the message "Re-enrolling the certificate will clear the existing certificate from the device and install the certificate again. Are you sure, you want to re-enroll the certificate?"

Still trying to figure this out. I can't find a way to generate a CSR for cert renewal through the GUI.

Is it a requirement that these certs on FTDs be in PKCS12 format?

Can I generate a CSR from any other system and then, once the cert is received, install it in .crt format or, if it is a requirement to be in PKCS12, convert it accordingly?