10-09-2012 03:13 AM
Hello everyone,
I'm currently dealing with a problem related to the integration between a Cisco ASA 5510 and an AD Microsoft CA on Windows 2008 R2.
I'm basically trying to enroll the ASA in the CA and get a certificate for the ASA to use for SSL VPNs.
I'm using SCEP enrollment and I've set up NDES on the Win2008 CA.
Everything seems to be working just fine and I get the certificate, but if I assign it to the interface, first the client receives a warning and then a blank page is shown (everything works just fine with the ASA self-signed certificate).
The problem looks to be related to the purpose of the keys (key usage field), which is not Server authentication.
The certificate is automatically generated using the IPSec (offline) template.
Does anyone know how to get a working certificate?
Valerio Galantini
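A check for the key-purpose problem described in the question above, as an added example that is not part of the original posts: it reads a certificate's Enhanced Key Usage (EKU) extension and reports whether the Server Authentication OID is present. The sample certificates are constructed in memory; the subject name and the use of the IKE intermediate OID to stand in for an IPsec-template certificate are assumptions.

```powershell
# Added example, not from the thread. Requires .NET Framework 4.7.2+ or PowerShell 7.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$IkeInterOid   = '1.3.6.1.5.5.8.2.2'   # IP security IKE intermediate (assumed IPsec-template EKU)

function New-SampleCert([string[]]$EkuOids) {
    # Constructed sample: self-signed, in-memory certificate with the given EKUs (none if empty).
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new('CN=asa.example.test', $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    if ($EkuOids) {
        $oids = [OidCollection]::new()
        foreach ($o in $EkuOids) { [void]$oids.Add([Oid]::new($o)) }
        $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
    }
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))
}

function Test-ServerAuthEku([X509Certificate2]$Cert) {
    # Returns whether the certificate's EKU permits TLS server authentication.
    $eku = $Cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if (-not $eku) {
        # RFC 5280: with no EKU extension, key purposes are not restricted.
        return [pscustomobject]@{ ServerAuth = $true; Ekus = '(none: unrestricted)' }
    }
    $values = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    [pscustomobject]@{
        ServerAuth = $values -contains $ServerAuthOid
        Ekus       = $values -join ', '
    }
}

# Three constructed cases: IPsec-style EKU only, Web Server-style EKU, no EKU at all.
$cases = [ordered]@{
    'IPsec-style'      = @($IkeInterOid)
    'Web Server-style' = @($ServerAuthOid)
    'No EKU'           = @()
}
foreach ($name in $cases.Keys) {
    $result = Test-ServerAuthEku (New-SampleCert $cases[$name])
    '{0,-17} ServerAuth={1,-5} EKUs={2}' -f $name, $result.ServerAuth, $result.Ekus
}
```

To inspect an issued certificate instead of the samples, pass `[X509Certificate2]::new('path\to\cert.cer')` to `Test-ServerAuthEku`.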
10-09-2012 05:37 AM
Hi Valerio,
Instead of doing it via SCEP, I would recommend that you go to http://yourserverip/certsrv, pick the correct template (Web server) and enroll the ASA manually.
ASA 8.x Manually Install 3rd Party Vendor Certificates for use with WebVPN Configuration Example
Thanks.
Portu.
Please rate any helpful posts.
10-09-2012 07:48 AM
Hi Javier,
Thanks for your answer. I've already tried to export the CSR and use it to get a certificate offline, but when I submit the CSR to the CA I get an error that says that no template information is contained in the request.
I guess I just have to post the problem to Microsoft. I think anyway that a guide by Cisco like the one for the Win2003 CA would be helpful though.
10-09-2012 07:58 AM
Valerio,
I agree with you.
We are working on updating our docs.
Thanks.
Portu.
Please rate any helpful posts.