
Migrating Self signed Cert ASA 5545 to FTD 2130

Alemend88
Level 1

Hi, I'm just wondering if someone could shine some light on my case. I'm in the middle of a migration from an ASA 5545 to an FTD-2130. The FTD will be my DR site, and some applications are using the self-signed certificate of the ASA. My question is: can I migrate the self-signed certificate of the ASA to the FTD, even though the hostname and IP address will be different on my FTD? If that is possible, should I import the self-signed certificate as a PKCS12 file and install it on the FTD? I hope someone can answer my question.

Thank you very much!


3 Replies

Hi, let me remind you that self signed isn't best practice.

Coming to your question, if your private key is exportable then you can
export as p12 and import it in ftd. Otherwise no way of doing it.

If the name of ftd isn't same as the certificate cn, it will be imported
but you still get certificate errors (you have to match ftd fqdn with
certificate cn).

Hi Mohammed, thanks for the advice. Actually, we are pushing hard to get a CA signed by a 3rd party, and the self-signed one is my last bullet. I was able to export it to PKCS12 and import it into the FTD; however, I'm getting the error, and I guess it's because of the mismatch between the FTD FQDN and the CN. Is there a way to change it from the FMC, or only from the CLI?

Yes, you can go to fmc > devices > #select the box# > select the 1st tab
and edit the device name.

**** please remember to rate useful posts
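
The CN/FQDN mismatch discussed in this thread can be checked on a workstation before the PKCS12 bundle is imported. The script below is an added example, not part of the original posts; the hostnames, password and file names are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-import name check of an exported PKCS#12 bundle.
# All hostnames, passwords and file names below are constructed samples.

# make_demo_p12 <dir>: create a self-signed certificate whose CN is the old
# ASA name and export it together with its key as <dir>/asa.p12.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=asa5545.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout pass:demo -out "$1/asa.p12" 2>/dev/null
}

# check_p12_host <bundle.p12> <password> <fqdn>
# Returns 0 if the leaf certificate in the bundle is valid for <fqdn>, else 1.
check_p12_host() {
    # -nokeys -clcerts emits only the leaf certificate, never the private key.
    # -checkhost compares against subjectAltName DNS entries when present and
    # otherwise against the subject CN.
    # For a real bundle prefer -passin env:VAR or file:PATH so the password
    # does not appear in the process list.
    result=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
             openssl x509 -noout -checkhost "$3" 2>/dev/null)
    case $result in
        *"does match certificate"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo: the bundle matches the old ASA name but not the new FTD name.
tmp=$(mktemp -d)
make_demo_p12 "$tmp"
for host in asa5545.example.test ftd2130.example.test; do
    if check_p12_host "$tmp/asa.p12" demo "$host"; then
        echo "$host: certificate name matches"
    else
        echo "$host: MISMATCH, clients will report a certificate name error"
    fi
done
rm -rf "$tmp"
```
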