06-02-2008 03:26 AM
Hi,
I want to configure a site-to-site VPN with digital certificates.
How can I install a CA on the ASA 5520? The ASA must use the certificate from the local CA and also use the public certificate from the VPN server on the other side of the tunnel.
On the ASA is IOS 8.0(3) installed.
Thanks, for your help.
Solved! Go to Solution.
06-02-2008 07:07 AM
I think the ASA can have multiple trustpoints at the same time, you can see sample configuration on how to load a cert from a Microsoft CA:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008073b12b.shtml
For other commercial vendors you can find instructions on ther respective websites
Some other examples:
http://www.cisco.com/warp/public/471/verisign-install-asa.pdf
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808a61cd.shtml
Regards
Farrrukh
06-02-2008 07:07 AM
I think the ASA can have multiple trustpoints at the same time, you can see sample configuration on how to load a cert from a Microsoft CA:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008073b12b.shtml
For other commercial vendors you can find instructions on ther respective websites
Some other examples:
http://www.cisco.com/warp/public/471/verisign-install-asa.pdf
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808a61cd.shtml
Regards
Farrrukh
06-02-2008 11:36 PM
Thank you for your answer.
Our CA must be installed on the ASA. On the other side of the VPN is no CA. The certificate was manually generated by a tool.
How can I import the manually generated public certificate from the ohter side of the VPN in my ASA? No import from a CA.
06-03-2008 01:16 AM
Well first you need have to have the CA's certifcate that granted/issues this Certificate loaded on the ASA. Does this 'tool' have a certificate like a normal Certificate Authority does?
Then you can just import the certificate issues by this tool using the normal manual enrollment process.
Regards
Farrukh
06-06-2008 12:19 AM
We have installed a Microsoft CA and it is working fine.
Thanks for your help
Ragards
Markus
06-06-2008 02:43 AM
I'm glad to know you have it working now :)
Please rate helpful posts.
Regards
Farrukh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide