
Multiple certificates on an ASA for SSL VPN (different URLs)

drbenham
Level 1

I want to install multiple (real) certificates on an ASA for the purpose of using multiple SSL VPN pages. For instance:

www.server1.com/portal1 (resolves to outside IP of ASA and gets assigned a tunnel-group via the /portal1)

www.server2.com/portal2 (also resolves to outside IP of ASA, but gets assigned a different tunnel-group via /portal2)

I have installed the public cert for server1.com and it works fine. However, it looks like you can only bind one certificate to an interface. Since you can clearly install many certificates on the box, I assume there has to be a way to bind multiple certs to the outside interface (or map them to different tunnel-groups). The only certificate mapping stuff I see in ASDM is for client certificate authentication stuff.

Any help would be greatly appreciated.

Thanks,

Dave

3 Replies

drbenham
Level 1

Resolved. This is not possible.

Hi, I'm looking into the same issue. One workaround I just came across is "UC certificates" that have multiple subjects under the same cert. There are obvious issues with scalability and ongoing management, but it may be useful in your case. Take a look at:

http://www.digicert.com/subject-alternative-name.htm

Let me know if you come across any other solutions/workarounds.

Thanks for your reply. Your workaround is the only one I've been able to come up with myself, too. And it is not feasible as an ongoing solution in this case. The customer wound up purchasing an ACE server to do SSL acceleration.

Dave
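The multi-name (SAN/UC) certificate workaround discussed in the replies can be checked before a certificate is bound to the interface. This is an added example, not part of the original posts: it builds a throwaway self-signed certificate listing both portal hostnames from the question and confirms which names it covers. `www.server3.com` is a constructed name that is deliberately left out of the certificate, the helper function names are hypothetical, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: throwaway self-signed cert, hostnames taken from the question.
set -eu

# make_san_cert OUT_DIR NAME...: write key.pem and cert.pem into OUT_DIR,
# with every NAME listed as a DNS entry in subjectAltName.
make_san_cert() {
    dir=$1; shift
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=$san" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# cert_covers CERT HOST: succeed only if CERT is valid for HOST.
# openssl prints "does match" or "does NOT match" for the hostname.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# One certificate carrying both portal hostnames.
make_san_cert "$workdir" www.server1.com www.server2.com

# Any hostname that resolves to the outside interface but is missing from
# the SAN list produces a name-mismatch warning in the client browser.
for host in www.server1.com www.server2.com www.server3.com; do
    if cert_covers "$workdir/cert.pem" "$host"; then
        echo "$host: covered"
    else
        echo "$host: NOT covered"
    fi
done
```

For a certificate issued by a public CA, run only the `cert_covers` check against the issued PEM file for each hostname that will resolve to the interface.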
