FTD SCEP multiple SANs

jturner2720
Level 1

With the talk of certificate lifetimes dropping to 90 days, we're looking at ways to automate certificate provisioning.

I see in the FMC GUI that there's an option to use SCEP to retrieve certificates automatically, but I don't see anywhere where you can specify the SANs in the certificate. With the current manual approach, we put all the hostnames of the various nodes involved in the SSL VPN as potentially any could be used.

Am I missing something, or is this just something SCEP can't do? What do other people running VPNs do for their certificates? (Just the certificate for the device(s), rather than client authentication).

Thanks in advance.

3 Replies

It must appear in enrollment type. What option do you have?

If you don't see it, what FMC version do you have?

MHM

SCEP appears as an enrolment type; it's being able to configure options therein that I was asking about.

We're running 7.4.1.

tvotna
Spotlight

SCEP can do that, but ASA/FTD cannot. Generate the certificate somewhere else and then import it to all FTD nodes.
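
One way the "generate it somewhere else" step can look on a workstation with OpenSSL 1.1.1 or later, as an added example that is not part of the thread: build a CSR whose SAN list carries every VPN hostname, then confirm the CSR (or the issued certificate) covers all of them before it is imported to each FTD node. The function names and hostnames are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; hostnames used with these functions are placeholders.
# Assumes OpenSSL 1.1.1 or later (needed for -addext).

# Build a private key and a CSR whose SAN extension lists every hostname.
# The first hostname is also used as the subject CN.
# usage: make_csr <key_out> <csr_out> <host> [host...]
make_csr() {
    local key=$1 csr=$2 san="" h
    shift 2
    for h in "$@"; do san="${san:+$san,}DNS:$h"; done
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$key" -out "$csr" \
        -subj "/CN=$1" -addext "subjectAltName=$san" 2>/dev/null
}

# Print the DNS SAN entries of a CSR or certificate, one per line.
# usage: list_sans <req|x509> <pem_file>
list_sans() {
    openssl "$1" -in "$2" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Print each expected hostname that is absent from the file's SANs.
# Returns non-zero if any hostname is missing.
# usage: missing_sans <req|x509> <pem_file> <host> [host...]
missing_sans() {
    local kind=$1 file=$2 have h rc=0
    shift 2
    have=$(list_sans "$kind" "$file")
    for h in "$@"; do
        if ! printf '%s\n' "$have" | grep -Fxq -- "$h"; then
            echo "$h"
            rc=1
        fi
    done
    return $rc
}
```

Running `missing_sans x509 issued.pem <every node hostname>` against the certificate the CA returns catches a CA that dropped or rewrote the requested SANs before the certificate reaches the FTD nodes.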