Certificate on ASA - WebVPN

stephen.stack · ‎06-12-2010

HI All,

I've got a certificate and private key that i would like to upload to my asa for webvpn use.

The Key was generated on IIS and the cert is a wildcard cert (*.domain.com).

I did not really look to hard, but i cannot find a way to upload this key to the asa, and

use the wildcard for my domain for this cert (vpn.domain.com).

Can i upload the key somehow to use with the cert (i figured how to upload the cert)?

Can i use the wildcard cert for webvpn?

Thanks for your help

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Marcin Latosiewicz · ‎06-13-2010

Stephen,

Are we talking about PKCS12?

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2224488

crypto ca import trustpoint pkcs12 passphrase [ nointeractive ]

Marcin

stephen.stack · ‎06-13-2010

Thanks for the hlep. it did help.

What i ended up doing was export the cert and key from an IIS installation.

In converted the .pfx binary to to a .pem using openssl

openssl pkcs12 -in c:\wildcard.pfx -out c:\wildcard.pem

then i extracted the private key and the cert from the .pem manually (copy and paste)

I then ran the openssl command

openssl pkcs12 -export -in wildcard_cert.pem -inkey c:\wildcard_key.pem -out wildcard.p12 -clcerts converting the cert and key to a pkcs12 format.

I was asked for the export password and then applied the import password.

this .p12 file was easily installed on asdm identity certificate,

and i then applied it to the outside interface.

This worked a treat for me.

Thanks

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful