cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
91
Views
0
Helpful
1
Replies
Highlighted
Contributor

Question about customer provided Cert without CSR/private-key

I'm pretty sure I know the answer to this, but I thought I would ask anyway.  I get customers all the time who want me to install a certificate onto their ASA, which they already purchased.  Often it's a wild-card cert (ugh), but regardless, I always get the same response when I ask for the private key or CSR,.. "I don't understand" or "I don't have that" or "I only have the zip file from GoDaddy". ugh....

 

Is there a way to use a private-key/CSR which is generated after the public cert has been created/signed by the CA?  I'm 99.9% sure the answer is no, but I thought I would ask.  If it were possible I know it would be a hack, and yes just using a self-signed cert would be easier, but sometimes it's just not worth the hassle of trying to explain.

1 REPLY 1
Highlighted
Hall of Fame Guru

Re: Question about customer provided Cert without CSR/private-key

You absolutely need the private key - whether the certificate is a wildcard or host-specific. It's fundamental to the concept of PKI.

I usually try to give the customer a 2-3 minute explanation of PKI concepts when they come back with the common replies such as you mentioned.