11-14-2022 12:40 PM
Hi,
I have a virtual FMC with version 7.0.2 (build 88), and one device I manage from this FMC is an FTD 2130 with version 7.0.0.
In the FTD 2130, AnyConnect VPN service is configured, and I need to renew the existing identity cert.
The existing cert is from DigiCert, but the new cert will be from Entrust.
I generated the cert from the existing identity cert section, but I see the existing cert is from Digi.
In this situation, do I need to create a new cert, or can I renew from the existing cert where the cert authority is Digi?
Also, if I need to add a completely new cert as the CA provider has changed now, do I need to install the Intermediate CA cert and Root CA cert at FMC? If yes, can you refer me to the steps?
11-14-2022 12:44 PM
@MSJ1 you need to create a new certificate. The FTD will need to trust the certificate chain, so you must upload both the intermediate and root CA certificates. Guide: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html#anc9
11-17-2022 06:20 AM
@Rob Ingram Thank you. I needed to add the CA (Inter Cert) and Identity cert, and after that called to VPN config it worked.
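An added example, not part of the thread or of Cisco's guide: a local `openssl` check, run before uploading anything to FMC, that the new identity certificate chains through the new CA's intermediate to its root and carries the same public key as the CSR. The "Old CA" and "New CA" chains are constructed throwaway stand-ins for the two providers, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed throwaway CAs, not real DigiCert/Entrust material.

make_chain() {  # $1 = output dir, $2 = CA label; builds root -> int -> id
  d=$1; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for c in root int id; do   # one key and CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2 $c" \
      -keyout "$d/$c.key" -out "$d/$c.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/id.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/id.pem" 2>/dev/null
}

check_chain() {  # $1 identity cert, $2 intermediate, $3 root; 0 if the chain builds
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 1
  openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

csr_matches() {  # $1 identity cert, $2 CSR; 0 if both carry the same public key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl req -in "$2" -noout -pubkey)" ]
}

demo() {
  t=$(mktemp -d)
  make_chain "$t/old" "Old CA"; make_chain "$t/new" "New CA"
  # New identity cert with the new CA's intermediate and root: chain builds.
  check_chain "$t/new/id.pem" "$t/new/int.pem" "$t/new/root.pem" && echo "new chain: OK"
  # Same identity cert against the previous CA's certificates: no path to a trust anchor.
  check_chain "$t/new/id.pem" "$t/old/int.pem" "$t/old/root.pem" || echo "old CA chain: rejected"
  csr_matches "$t/new/id.pem" "$t/new/id.csr" && echo "cert matches CSR"
  rm -rf "$t"
}
demo
```

With real files, call `check_chain` on the issued identity certificate and the intermediate and root downloaded from the new CA, and `csr_matches` on the certificate and the CSR that was submitted.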