ASA SSL trustpoints

Jun 8th, 2009

I have a scenario where a web server is hosted on the inside, and users accessing it through HTTPS are first authenticated on the ASA (there is a certificate installed on the ASA for secure access).

I want to add another web server and do the same setup. Will I need a separate certificate on the ASA? (Can I have multiple certificates for the same trustpoint, knowing that I can assign only one trustpoint on the outside interface?)

What's the best practice?

Anonymous (not verified) Fri, 06/12/2009 - 05:48

Yes, you can assign the trustpoint to be used for SSL connections on the outside interface.

A trustpoint contains the identity of a certificate authority, CA-specific configuration parameters, and an association with one enrolled identity certificate. You need one trustpoint to connect with the Citrix server. You can configure up to two trustpoints, each to be assigned to a different interface on the security appliance; however, you can assign a single trustpoint to two interfaces.

k.abillama Fri, 06/12/2009 - 09:46

It is already the case; I already have a trustpoint configured on the outside interface. But I need to know if multiple certificates can coexist under one trustpoint.

Another thing: is it feasible to configure a subinterface on the outside interface and have a trustpoint for each subinterface?
