04-30-2007 07:20 AM - edited 03-11-2019 03:06 AM
Hi,
I have been asked to install a new ssl certifiacte on a Pix 515e. I believe the current certifcate was made in house and they now want to change this to a geotrust certificate. I've trauled through this forum and have found a few articles etc but am still unsure, Could anyone point me in the right direction?
Kind Regards
J Mack
05-01-2007 12:10 AM
Hi,
I'd be really grateful for some advice on this if anyone can help.
Many Thanks
J mack
05-01-2007 12:26 AM
Hello Johnny,
I dont see any problems in this.. anyway, what purpose are you going to use this certificate ? Do you have SSL VPNs configured or some other kind of https interface to the firewall ? This will not hamper any performance.. i hope u have the docss to enable the new certificate.. you can use the ASDM for this...
1. Import certificate
- Navigate to Properties > Certificate > Import Certificate.
- Select your trustpoint.
- Import the certificate issued to you by Verisign either by uploading the file or cut and paste.
5. Apply the certificate to a specific interface (likely your outside
interface)
- Navigate to Properties > SSL.
- At the bottom half, select the interface. Click Edit.
- Select your trustpoint.
Hope this helps.. all the best.. rate replies if found useful..
Raj
05-01-2007 12:49 AM
Hi,
Thanks alot for your response, the certificate is for a citrix web interface. just to clarify i'll just need a valid certifiacte from in this case from geotrust which i save locally then import through asdm?
Can i just ask what i should be selecting as my trustpoint?
Kind Regards
J Mack
05-01-2007 01:09 AM
hello Johnny
Have a look at this URL.. pretty useful for configuring the ASDM with citrix connectivity...
it has a step-by-step instruction... hope this helps.. let me know..
Raj
05-01-2007 01:20 AM
Hi,
Thanks again, sorry to be a pain but my CCO login is not working for that document? I've just logged into cisco.com fine but when navigating to that url it's asking me for my CCO and not taking it?
Regards
J Mack
05-01-2007 01:25 AM
05-01-2007 01:30 AM
Hi,
Great thank you. I have a CCO already that allows me to get lastest software, ios etc, Do I just need extra permissions or something? It's just seems strange that they let me have the good stuff like the ASDM software and hold back on docuemtation, which is useless unless you already have the hardware to configure.
Anyway, Many thanks for your help.
J Mack
05-01-2007 02:01 AM
Sorry, one more quick question, for aquiring the licence do I generate the hash file from the PIX?
Thanks
J Mack
05-01-2007 02:02 AM
Hi Johnny
Just for future reference. Generally you can just substitute the "partner" bit of the url ie.
Raj sent you this link
Just change the "partner" bit to "customer"
You still need you login but it should work.
HTH
Jon
05-01-2007 02:36 AM
Superb got straight in. Thanks a lot,
I don't suppose you know if im supposed to generate the hash file for requesting the certificate on the the PIX?
Many Thanks
J Mack
05-01-2007 02:47 AM
Hi Johnny
Glad it helped.
Attached is link to obtaining a cert for a pix firewall. Let me know if you still have problems.
HTH
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide