
Wildcard SSL cert on ASA

schostag
Level 1

Is it possible to use a wildcard SSL cert on an ASA? That is, instead of getting a specific cert with the FQDN of the ASA, we would use the wildcard cert issued?

Accepted Solution

Roman Rodichev
Level 7

Absolutely, it's especially needed in ASA VPN load balancing environments. When you connect to a FQDN that translates to a load balancing IP, one of the ASAs will do an HTTP redirect to its individual hostname, your browser (or AnyConnect) will attempt that connection, and the ASA needs to have a certificate for that specific hostname. Having a wildcard cert on all ASAs resolves this. I've got this running on several customers.

If you need help with configuration, let me know.

You can either generate private keys on the ASA (and later export them to another ASA or other non-Cisco devices), or you could import an existing wildcard certificate with the private keys (in PKCS12-BASE64 format).

Regards,

Roman
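A pre-deployment check, added here and not from the thread, of whether a wildcard name covers both the load-balancing FQDN and every per-ASA hostname the redirect can send a client to; the cluster hostnames are constructed samples, and the matching rules are the ones browsers apply to DNS names (a `*` counts only as the whole leftmost label and matches exactly one label).

```python
"""Check which hostnames in an ASA VPN load-balancing cluster a certificate covers.

Added example, not from the original thread. Hostnames are constructed samples.
"""


def name_matches(cert_name: str, hostname: str) -> bool:
    """True if a DNS name from the cert (possibly '*.example.com') covers hostname."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == hostname
    cert_labels = cert_name.split(".")
    host_labels = hostname.split(".")
    # The wildcard must be the entire leftmost label, and there must be at least
    # two real labels under it ('*.com' style names are never honoured).
    if cert_labels[0] != "*" or len(cert_labels) < 3:
        return False
    # '*' matches exactly one label, so label counts must agree and the
    # remaining labels must match exactly (no match for the bare domain).
    return len(cert_labels) == len(host_labels) and cert_labels[1:] == host_labels[1:]


def uncovered_hostnames(cert_names, hostnames):
    """Return the hostnames that none of the certificate's DNS names cover."""
    return [h for h in hostnames if not any(name_matches(c, h) for c in cert_names)]


# Constructed sample cluster: the load-balancing FQDN plus each ASA's own
# hostname, which is what the HTTP redirect sends the client to.
CLUSTER_HOSTNAMES = [
    "vpn.example.com",       # load-balancing (virtual) FQDN
    "asa1.example.com",      # individual ASA hostnames the redirect points at
    "asa2.example.com",
    "asa3.vpn.example.com",  # an ASA named one label deeper
]

if __name__ == "__main__":
    for names in (["*.example.com"], ["*.example.com", "*.vpn.example.com"]):
        missing = uncovered_hostnames(names, CLUSTER_HOSTNAMES)
        print(f"{names}: uncovered -> {missing or 'none'}")
```

Run it before ordering the certificate: any hostname it reports as uncovered is one the redirect will land on with a certificate mismatch.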


Roman,

I'm working on an ASA5520 and want to also use wildcard certificates, but am confused on the export and import of the CSR and keys...I found documentation on how to create the CSR, but when I try to use the CSR on the Entrust certificate request site, there is always information within the CSR that ties it back to the ASA that created the CSR...I found some docs that state to leave the FQDN as "none"...any help you can provide.