ASA Local CA certificate enrollment invitation

Unanswered Question
Apr 7th, 2010

Hi,

I have been looking for the answer for a while.....

My ASA is version 8.2.1

I am planning to use the ASA local CA to distribute certificates for SSL VPN users.

After I create a user and email the OTP, you get an e-mail like the one below.

(The following example is found at http://www.cisco.com/japanese/warp/public/3/jp/service/manual_j/sec/asa/caclcg4/chapter39/12172_01_39.shtml)

----------------------------------------------------------------------------------------------------------------------------------------

Date: 12/22/06

To: [email protected]

From: Wuseradmin

Subject: Certificate Enrollment Invitation

You have been granted access to enroll for a certificate.

The credentials below can be used to obtain your certificate.

Username: [email protected]
One-time Password: C93BBB733CD80C74

Enrollment is allowed until: 15:54:31 UTC Thu Dec 27 2006

NOTE: The one-time password is also used as the passphrase to unlock the certificate file.

Please visit the following site to obtain your certificate:

https://wu5520-FO.frdevtestad.local/+CSCOCA+/enroll.html

You may be asked to verify the fingerprint/thumbprint of the CA certificate

during installation of the certificates. The fingerprint/thumbprint should be:

MD5: 76DD1439 AC94FDBC 74A0A89F CB815ACC

SHA1: 58754FFD 9F19F9FD B13B4B02 15B3E4BE B70B5A83

-----------------------------------------------------------------------------------------------------------------------------------

My question is where the hostname (wu5520-FO.frdevtestad.local) of the URL is from.

I thought it is from the hostname of the ASA, so I changed the hostname of the ASA.

However, the URL did not change.

Any comment would be greatly appreciated.

Thanks,

Taro

taroyamada9999 Sun, 04/11/2010 - 20:32

As far as the Cisco document says, the hostname of the URL comes from the hostname and domain name configured on the ASA.

My ASA used to have the following hostname and domain name.

hostname: aaa

domain name: sample.com

Currently my ASA has the following hostname and domain name.

hostname: aaa

domain name: sampla.co.jp

I expected the URL to change from aaa.sample.com to aaa.sample.co.jp, but the URL stays aaa.sample.com.

Is this something which will change after rebooting the ASA?

Thanks

Atri Basu Fri, 05/24/2013 - 14:48

Taro, did you try resetting the CA server process after changing the FQDN of the ASA? That is what is used by the ASA when sending out the email.

Julio Carvajal Fri, 05/24/2013 - 15:16

Hello Taro,

Agree with Atri,

I have not dealt with these cases, but it makes sense that you need to reset the CA server as it's basically using a different configuration set for the FQDN.

As soon as you enable the ASA CA capability the URL will be created based on the FQDN, so as it's up and running it will not change... That's how I see it,

Give it a try and let us know,

I think you can only remove the CA config with

clear config crypto ca server

So be careful,

Regards

Julio
