cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3147
Views
5
Helpful
3
Replies
Highlighted

Windows 2008R2 - ASA SSL certificate problem

Hello everyone,

I'm currently dealing with a problem related to the integration between the a cisco ASA 5510 and an AD Microsoft CA on a Windows2008R2.

I'm basically trying to enroll the ASA in the CA and get a certificate for the ASA to use for SSL VPNs.

I'm using SCEP enrollment and I've set up NDEP on the Win2008 CA.

Everything seems to be working just fine and I get the certificate but If I assign it to the interface, first the client receives a warning and then a blank page is shown (everything works just fine with the ASA self-signed certificate).

The problem looks like to be related to the purpose of the keys (key usage field) which is not Server authentication.

The certificate is automatically generated using the IPSec (offline) template.

Does anyone know how to get a working certificate?

Valerio Galantini

3 REPLIES 3
Highlighted

Re: Windows 2008R2 - ASA SSL certificate problem

Hi Valerio,

Instead of doing it via SCEP, I would recommend to you to go to: http://yourserverip/certsrv, pick up the correct template (Web server) and enroll the ASA manually.

ASA 8.x Manually Install 3rd Party  Vendor Certificates for use with WebVPN Configuration Example

Thanks.

Portu.

Please rate any helpful posts.

Highlighted

Re: Windows 2008R2 - ASA SSL certificate problem

Hi Javier,

thanks for your answer. I've already tried to export the csr and use it to get a certificate off-line but when I submit the csr to the CA I get an error that says that no template information is contained in the request.

I guess I just have to post the problem to Micorosoft I think anyway that a guide by Cisco like the one for the Win2003 CA would be helpfull though..

Highlighted

Re: Windows 2008R2 - ASA SSL certificate problem

Valerio,

I agree with you.

We are working on updating our docs.

Thanks.

Portu.

Please rate any helpful posts.