
Using built-in CA server ASA5505 config?

hborg
Level 1

I’m interested in using the built-in CA server in an ASA5505. I wonder if anyone has a good guide or step-by-step instructions for activating the CA server, generating a root certificate, letting the ASA itself get a signed client certificate and then using all this to authenticate VPN clients. I have searched the CCO and found some instructions, but they are so general and too cumbersome. How do you usually distribute the client certificate to the clients?

1 Reply

Hi,

The local CA feature on the ASA is very limited, take a look:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html

Normally, you configure the ASA as the VPN server, configure the authentication to be rsa-signatures and create the self-signed certificate on the ASA (to enable the CA functionality).

Then, each client is configured to enroll with the CA server (ASA), in this way obtaining the certificate.

Each client must have the CA certificate and an identity certificate of its own.

Federico.
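A configuration sketch of the steps described in the reply, added here as an example; it is not from the original post or from Federico's reply. It uses ASA 8.2 local CA CLI as covered by the linked guide, and every name, DN, e-mail address and passphrase in it is a constructed placeholder.

```cisco
! --- 1. Enable the local CA (this generates the self-signed CA certificate) ---
crypto ca server
 ! Placeholder issuer DN for the CA certificate
 issuer-name CN=asa-local-ca,O=Example
 ! Sender address for enrollment mail; only used with the email-otp option
 smtp from-address ca-admin@example.com
 ! Lifetimes in days: CA certificate, then issued user certificates
 lifetime ca-certificate 1095
 lifetime certificate 365
 ! Key size for issued user certificates
 keysize 2048
 ! Hours before an unused one-time enrollment password expires
 otp expiration 24
 ! Start the CA; the passphrase protects the CA key material on flash
 no shutdown passphrase <strong-passphrase-placeholder>

! --- 2. Register a user and authorize enrollment ---
crypto ca server user-db add vpnuser1 dn CN=vpnuser1,O=Example email vpnuser1@example.com
! Shows a one-time password on the console; hand it to the user out of band
crypto ca server user-db allow vpnuser1 display-otp

! --- 3. Client side (performed by the user, not on the CLI) ---
! The user browses to https://<asa-address>/+CSCOCA+/enroll.html,
! enters the username and one-time password, and downloads a PKCS#12
! file holding the identity certificate and the CA certificate.
! The one-time password is also the import password for that file.

! --- 4. Certificate authentication for IKE, as the reply describes ---
! Remaining VPN settings (tunnel-group, crypto map, address pool) omitted
crypto isakmp policy 10
 authentication rsa-sig

! --- 5. Verify ---
show crypto ca server
show crypto ca server user-db
```

Back up the CA files the ASA writes to flash and record the passphrase, since the CA cannot be restarted without them. Revoke a lost or retired client with `crypto ca server revoke` followed by the certificate serial number shown in `show crypto ca server cert-db`.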