Using built-in CA server ASA5505 config?

Apr 21st, 2010
I’m interested in using the built-in CA server in an ASA5505. I wonder if anyone has a good guide or step-by-step instructions for activating the CA server, generating a root certificate, letting the ASA itself get a signed client certificate and then using all this to authenticate VPN clients. I have searched the CCO and found some instructions, but they are so general and too cumbersome. How do you usually distribute the client certificate to the clients?

Federico Coto F... Wed, 04/21/2010 - 11:20
The local CA feature on the ASA is very limited, take a look:

Normally, you configure the ASA as the VPN server, configure the authentication to be rsa-signatures and create the self-signed certificate on the ASA (to enable the CA functionality).

Then, each client is configured to enroll with the CA server (ASA), in this way obtaining the certificate.

Each client must have the CA certificate and an identity certificate of its own.
