VPN 3000 series Concentrator -X.509 Certificates

Unanswered Question
Jun 4th, 2008

Is it possible for the VPN 3000 series Concentrator to generate the X.509 digital certificates or do you need to obtain the X.509 certificates from an outside vendor like Verisign? This is for an IPsec environment. Can the VPN Concentrator be used as a Certificate Server (CS)?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aneelaka Wed, 06/04/2008 - 15:08

The VPN Concentrator supports X.509 digital certificates (International Telecommunications Union Recommendation X.509), including SSL (Secure Sockets Layer) certificates that are self-signed or issued in a PKI context.

Step 1 Display the Administration | Certificate Management screen. (See Figure 11-1.)

Step 2 Click Generate above the SSL Certificate table. The new certificate displays in the SSL Certificate table, replacing the existing one.


rrcisco2007 Tue, 06/17/2008 - 11:29

Hi Abhishek Neelakanta


Thank you very much for your response. I would like to know what are the real world lessons learned and /or encountered in using the X.509 digital certificates (not the SSL) in the VPN 3000 series concentrators and current Cisco ASA 5500 series platforms? whether the VPN concentrator can itself generate the X.509 certificate or not? I would appreciate your response as soon as possible. Thank you for your time and support.

aneelaka Tue, 06/17/2008 - 15:54

SSL adopts the X.509 hierarchical certificate system.


X.509 is an ITU-T standard for a public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm


X.509 is a standard and SSL follows that, and VPN conc. and ASA5500 follows the self signed ssl cert.

Let me know if this answered your questions.


This Discussion