How to apply 3rd party cert to Cisco 1811 ISR (using SDM not working)?

Unanswered Question
Sep 30th, 2009

I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN. I have tried using SDM 2.5, but that doesn't appear to be working. I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN.


I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router. The router always defaults to its self-signed cert.


Any help or pointers would be greatly appreciated.

jelloyd Fri, 02/18/2011 - 07:46

You would need to manually configure your trustpoint in the CLI and point the enrollment URL to the 3rd party CA. Then you would have to authenticate the trustpoint to get the root CA. Then you would need to enroll with the trustpoint to generate a CSR (Certificate Signing Request) to send to the 3rd party CA for your ID cert. Once you get the ID cert back, you would then need to import them. This is referred to commonly as the cut-and-paste method and is described in detail here:


http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki.html#wp1073636
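
The cut-and-paste enrollment described in the answer above, sketched as an added example (not part of the original thread or of Cisco's documentation). The names SSLVPN-KEY, SSLVPN-TP, SSLVPN-GW and vpn.example.com are placeholders, and the last configuration step assumes a WebVPN gateway is already defined on the router.

```cisco
! Added example: all names and the subject below are placeholders.
! Entered from global configuration mode (configure terminal).
!
! 1. Key pair that the CSR and the identity certificate are bound to
crypto key generate rsa general-keys label SSLVPN-KEY modulus 2048
!
! 2. Trustpoint using terminal (cut-and-paste) enrollment in PEM format
crypto pki trustpoint SSLVPN-TP
 enrollment terminal pem
 fqdn vpn.example.com
 subject-name CN=vpn.example.com,O=Example Org,C=US
 rsakeypair SSLVPN-KEY
 exit
!
! 3. Paste the PEM certificate of the CA that issued the identity
!    certificate (for a chained CA, the issuing intermediate), and compare
!    the displayed fingerprint with the CA's published value before accepting
crypto pki authenticate SSLVPN-TP
!
! 4. Print the CSR to the terminal; submit it to the CA
crypto pki enroll SSLVPN-TP
!
! 5. Paste the identity certificate returned by the CA
crypto pki import SSLVPN-TP certificate
!
! 6. Point the SSL VPN gateway at this trustpoint; a gateway that still
!    references the self-signed trustpoint keeps presenting that certificate
webvpn gateway SSLVPN-GW
 ssl trustpoint SSLVPN-TP
 exit
end
!
! 7. Verify from privileged EXEC mode: the trustpoint should list both a
!    CA certificate and a router certificate, and the gateway should show
!    the trustpoint configured in step 6
show crypto pki certificates SSLVPN-TP
show webvpn gateway SSLVPN-GW
```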
