We have configured certificate authentication for remote access IPsec VPN and it is working fine. This is using the same internal Certificate Authority server for both the identity certificate of the ASA and the client certificates issued to remote clients.
We now wish to use a different CA which is a subordinate of the existing CA for client certificates - we want to keep the existing identity certificate using the root CA.
How do we ensure that the ASA will authenticate clients using certificates published by the old root CA and the new subordinate CA? What is the process to follow on the GUI to do this? Do I just add another CA certificate under the 'certificate management>CA certificates' window with a new ASDM trustpoint, or are there more steps?