Installing new ssl certificate

johnnymac · ‎04-30-2007

Hi,

I have been asked to install a new ssl certifiacte on a Pix 515e. I believe the current certifcate was made in house and they now want to change this to a geotrust certificate. I've trauled through this forum and have found a few articles etc but am still unsure, Could anyone point me in the right direction?

Kind Regards

J Mack

johnnymac · ‎05-01-2007

Hi,

I'd be really grateful for some advice on this if anyone can help.

Many Thanks

J mack

sachinraja · ‎05-01-2007

Hello Johnny,

I dont see any problems in this.. anyway, what purpose are you going to use this certificate ? Do you have SSL VPNs configured or some other kind of https interface to the firewall ? This will not hamper any performance.. i hope u have the docss to enable the new certificate.. you can use the ASDM for this...

1. Import certificate

- Navigate to Properties > Certificate > Import Certificate.

- Select your trustpoint.

- Import the certificate issued to you by Verisign either by uploading the file or cut and paste.

5. Apply the certificate to a specific interface (likely your outside

interface)

- Navigate to Properties > SSL.

- At the bottom half, select the interface. Click Edit.

- Select your trustpoint.

Hope this helps.. all the best.. rate replies if found useful..

Raj

johnnymac · ‎05-01-2007

Hi,

Thanks alot for your response, the certificate is for a citrix web interface. just to clarify i'll just need a valid certifiacte from in this case from geotrust which i save locally then import through asdm?

Can i just ask what i should be selecting as my trustpoint?

Kind Regards

J Mack

sachinraja · ‎05-01-2007

hello Johnny

Have a look at this URL.. pretty useful for configuring the ASDM with citrix connectivity...

http://www.cisco.com/en/US/partner/products/ps6121/products_configuration_guide_chapter09186a0080623ab4.html

it has a step-by-step instruction... hope this helps.. let me know..

Raj

johnnymac · ‎05-01-2007

Hi,

Thanks again, sorry to be a pain but my CCO login is not working for that document? I've just logged into cisco.com fine but when navigating to that url it's asking me for my CCO and not taking it?

Regards

J Mack

sachinraja · ‎05-01-2007

Johnny

you will need to contact your cisco partner to get your PICA CCO ID. they will give u this, if u have got a lot of cisco products.. anyway , am attaching the pdf version of the document..

Hope this helps. rate replies if found useful..

Raj

johnnymac · ‎05-01-2007

Hi,

Great thank you. I have a CCO already that allows me to get lastest software, ios etc, Do I just need extra permissions or something? It's just seems strange that they let me have the good stuff like the ASDM software and hold back on docuemtation, which is useless unless you already have the hardware to configure.

Anyway, Many thanks for your help.

J Mack

johnnymac · ‎05-01-2007

Sorry, one more quick question, for aquiring the licence do I generate the hash file from the PIX?

Thanks

J Mack

Jon Marshall · ‎05-01-2007

Hi Johnny

Just for future reference. Generally you can just substitute the "partner" bit of the url ie.

Raj sent you this link

http://www.cisco.com/en/US/partner/products/ps6121/products_configuration_guide_chapter09186a0080623ab4.html

Just change the "partner" bit to "customer"

http://www.cisco.com/en/US/customer/products/ps6121/products_configuration_guide_chapter09186a0080623ab4.html

You still need you login but it should work.

HTH

Jon

johnnymac · ‎05-01-2007

Superb got straight in. Thanks a lot,

I don't suppose you know if im supposed to generate the hash file for requesting the certificate on the the PIX?

Many Thanks

J Mack

Jon Marshall · ‎05-01-2007

Hi Johnny

Glad it helped.

Attached is link to obtaining a cert for a pix firewall. Let me know if you still have problems.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946c0.shtml#obtainpix

HTH

Jon