VPN Identity Certificate Installation Query

MSJ1
Level 1

Hi,

I have a virtual FMC with version 7.0.2 (build 88), and one device I manage from this FMC is an FTD 2130 with version 7.0.0.

On the FTD 2130, the AnyConnect VPN service is configured, and I need to renew the existing identity cert.

The existing cert is from Digicert, but the new cert will be from Entrust.

I generated the cert from the existing identity cert section, but I see the existing cert is from Digi.

In this situation, do I need to create a new cert, or can I renew from the existing cert where the cert authority is Digi?

Also, if I need to add a completely new cert as the CA provider has changed now, do I need to install the intermediate CA cert and root CA cert on the FMC? If yes, can you refer me to the steps?

1 Accepted Solution

@MSJ1 you need to create a new certificate. The FTD will need to trust the certificate chain, so you must upload both the intermediate and root CA certificates. Guide: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html#anc9


@Rob Ingram Thank you. I needed to add the CA (Inter Cert) and identity cert, and after I called it in the VPN config, it worked.
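
The chain requirement discussed in this thread can be checked offline with OpenSSL before anything is uploaded. The script below is an added example, not part of the thread or of Cisco's guide: it builds two constructed lab CAs ("Lab Old CA" and "Lab New CA", hypothetical names and file paths) and shows that an identity certificate issued by the new CA only validates when the new CA's root and intermediate are both supplied.

```shell
#!/usr/bin/env bash
# Added example: all CA names, files and certificates below are constructed lab data.

# check_chain ROOT INTERMEDIATES IDENTITY
# Succeeds only if IDENTITY builds a path through INTERMEDIATES up to ROOT.
check_chain() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# issued_by CA_CERT CERT: succeeds if CERT's issuer DN equals CA_CERT's subject DN.
issued_by() {
  local subject issuer
  subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
  issuer=$(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253) || return 2
  [ "${subject#subject=}" = "${issuer#issuer=}" ]
}

# make_lab_pki DIR CA_NAME: build a throwaway root -> intermediate -> identity chain.
make_lab_pki() {
  local d=$1 ca=$2 n
  mkdir -p "$d" || return 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  for n in root int id; do
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
      -keyout "$d/$n.key" -subj "/O=$ca/CN=$n.lab.test" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
    -days 2 -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/id.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/id.pem" 2>/dev/null
}

# Scenario from the thread: identity cert reissued by a different CA than the old one.
lab=$(mktemp -d)
make_lab_pki "$lab/old" "Lab Old CA" && make_lab_pki "$lab/new" "Lab New CA" || exit 1
id="$lab/new/id.pem"
check_chain "$lab/new/root.pem" "$lab/new/int.pem" "$id" && echo "new root + intermediate: chain OK"
check_chain "$lab/old/root.pem" "$lab/old/int.pem" "$id" || echo "old CA chain only: chain FAILS"
check_chain "$lab/new/root.pem" "$lab/new/root.pem" "$id" || echo "new root, no intermediate: chain FAILS"
issued_by "$lab/new/int.pem" "$id" && echo "issuer DN matches the new intermediate"
```

With real files, pass the new CA's root, its intermediate and the issued identity certificate to `check_chain` in place of the lab paths.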