Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
0
Helpful
1
Replies

Question about customer provided Cert without CSR/private-key

derek.small
Level 5
Level 5

‎05-22-2020 02:46 PM

I'm pretty sure I know the answer to this, but I thought I would ask anyway.  I get customers all the time who want me to install a certificate onto their ASA, which they already purchased.  Often it's a wild-card cert (ugh), but regardless, I always get the same response when I ask for the private key or CSR,.. "I don't understand" or "I don't have that" or "I only have the zip file from GoDaddy". ugh....

 

Is there a way to use a private-key/CSR which is generated after the public cert has been created/signed by the CA?  I'm 99.9% sure the answer is no, but I thought I would ask.  If it were possible I know it would be a hack, and yes just using a self-signed cert would be easier, but sometimes it's just not worth the hassle of trying to explain.

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-22-2020 08:42 PM - edited ‎05-22-2020 08:43 PM

You absolutely need the private key - whether the certificate is a wildcard or host-specific. It's fundamental to the concept of PKI.

I usually try to give the customer a 2-3 minute explanation of PKI concepts when they come back with the common replies such as you mentioned.

0 Helpful
Customers Also Viewed These Support Documents