Using built-in CA server ASA5505 config?

Unanswered Question
Apr 21st, 2010

I’m interested in using the built-in CA server in an ASA5505. I wonder if anyone has a good guide or step-by-step instructions for activating the CA server, generating a root certificate, letting the ASA itself get a signed client certificate and then using all this to authenticate VPN clients. I have searched the CCO and found some instructions, but they are so general and too cumbersome. How do you usually distribute the client certificate to the clients?

Federico Coto F... Wed, 04/21/2010 - 11:20

Hi,

The local CA feature on the ASA is very limited; take a look:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html

Normally, you configure the ASA as the VPN server, configure the authentication to be rsa-signatures and create the self-signed certificate on the ASA (to enable the CA functionality).

Then each client is configured to enroll with the CA server (the ASA), in this way obtaining the certificate.

Each client must have the CA certificate and an identity certificate of its own.

Federico.
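A client-side check for the last point in the reply above, that each client holds the CA certificate and an identity certificate of its own. This is an added example, not part of the thread: a throwaway OpenSSL CA stands in for the ASA, and every file name and subject in it is constructed sample data.

```shell
#!/bin/sh
# Added example. A throwaway OpenSSL CA stands in for the ASA's CA;
# every subject and file name below is constructed sample data.

# make_sample_pki DIR: create ca.crt/ca.key and client.crt/client.key in DIR.
make_sample_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Sample ASA Local CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vpnuser1" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/client.csr" -days 30 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/client.crt" 2>/dev/null
}

# check_client_certs CA_CERT ID_CERT ID_KEY
# Returns 0 if the pair is usable, 1 if the identity certificate does not
# verify against the CA certificate, 2 if the private key does not belong
# to the certificate, 3 if the certificate expires within 24 hours.
check_client_certs() {
  ca=$1; cert=$2; key=$3
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: identity certificate does not chain to the CA certificate"
    return 1
  fi
  # Compare the public key in the certificate with the one derived from the key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match the identity certificate"
    return 2
  fi
  if ! openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null; then
    echo "FAIL: identity certificate expires within 24 hours"
    return 3
  fi
  echo "OK: $(openssl x509 -in "$cert" -noout -subject)"
}

# Demonstration on the constructed sample PKI.
demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir" &&
  check_client_certs "$demo_dir/ca.crt" "$demo_dir/client.crt" "$demo_dir/client.key"
rm -rf "$demo_dir"
```

On a real client, pass the CA certificate and the client's own certificate and key as PEM files in place of the sample ones.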
