
VPN Identity Certificate Installation Query

MSJ1
Beginner

Hi,

I have a virtual FMC running version 7.0.2 (build 88), and one device I manage from this FMC is an FTD 2130 running version 7.0.0.

On the FTD 2130, the AnyConnect VPN service is configured, and I need to renew the existing identity cert.

The existing cert is from DigiCert, but the new cert will be from Entrust.

I generated the cert from the existing identity cert section, but I see the existing cert is from Digi.

In this situation, do I need to create a new cert, or can I renew from the existing cert where the cert authority is Digi?

Also, if I need to add a completely new cert as the CA provider has now changed, do I need to install the intermediate CA cert and root CA cert on the FMC? If yes, can you refer me to the steps?

1 Accepted Solution


Rob Ingram
VIP Expert

@MSJ1 you need to create a new certificate. The FTD will need to trust the certificate chain, so you must upload both the intermediate and root CA certificates. Guide: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html#anc9

 


@Rob Ingram Thank you. I needed to add the CA (Inter Cert) and identity cert, and after that I called it in the VPN config and it worked.
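
A pre-upload check for the situation in this thread, added here as an example and not taken from the thread or from the linked Cisco guide: it uses the OpenSSL CLI on an admin workstation to confirm that the new identity certificate validates through the intermediate and root CA certificates about to be uploaded, and reports whether its issuer differs from the old certificate's. The function names and the PEM file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run before uploading a renewed identity
# certificate whose issuing CA may have changed.
# All function names and file arguments are hypothetical placeholders.

# Print the issuer DN of a PEM certificate.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# Return 0 if both certificates carry the same issuer DN.
same_issuer() {
    [ "$(cert_issuer "$1")" = "$(cert_issuer "$2")" ]
}

# Return 0 if identity cert $3 validates through intermediate $2 to root $1.
# -no-CApath keeps the system trust directory out of the decision, so only
# the files that will actually be uploaded are considered.
chain_ok() {
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Decide what has to be uploaded alongside the new identity certificate.
# usage: renewal_plan old_id.pem new_id.pem new_intermediate.pem new_root.pem
renewal_plan() {
    if ! chain_ok "$4" "$3" "$2"; then
        echo "chain-broken"   # wrong or missing intermediate/root for the new cert
    elif same_issuer "$1" "$2"; then
        echo "same-ca"        # issuer unchanged from the old identity cert
    else
        echo "new-ca"         # issuer changed: the new intermediate and root are needed
    fi
}
```

A result of `chain-broken` means the intermediate or root file on hand does not belong to the new certificate and should be re-downloaded from the CA before anything is uploaded.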
