How to configure a CA certificate on the management interface of ASA

Unanswered Question
Oct 16th, 2013
I am trying to install a CA-issued certificate into an ASA and need to apply it to the management interface.

I am able to successfully create the certificate in the ASA, but when I access the ASA's management IP via a web browser, I am still getting the self-signed certificate instead of the one I created from the CA. What am I missing?



crypto key generate rsa label tsp.gov.key modulus 2048


crypto ca trustpoint ManagementCert2013

enrollment terminal

subject-name CN=pdc-asa-1.test.com,OU=Network,O=FRTIB,C=US,St=PA,L=Pittsburgh

serial-number

fqdn pdc-asa-1.test.com

keypair test.com.key

exit


crypto ca enroll ManagementCert2013 


crypto ca authenticate ManagementCert2013

ssl trust-point ManagementCert2013 management




sho crypto ca certificates ManagementCert2013

CA Certificate

  Status: Available

  Certificate Serial Number: 11999746000200000a75

  Certificate Usage: General Purpose

  Public Key Type: RSA (2048 bits)

  Signature Algorithm: SHA1 with RSA Encryption

  Issuer Name:

    cn=TSPOCA

    dc=test

    dc=com

  Subject Name:

    cn=pdc-asa-1.test.com

    ou=Network

    o=TEST

    l=Pittsburgh

    st=PA

    c=US

    hostname=pdc-asa-1.test.com

    serialNumber=XXXXXXXXX

  CRL Distribution Points:

    [1]  ldap:///CN=TSPOCA(2),CN=mprd-cert-app-2,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=test,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint

    [2]  http://cdp.test.com/CertEnroll/TSPOCA(2).crl

  Validity Date:

    start date: 10:54:34 UTC Oct 16 2013

    end   date: 10:54:34 UTC Oct 16 2015

  Associated Trustpoints: ManagementCert2013



Certificate

  Subject Name:

    Name: pdc-asa-1.test.com

    Serial Number: XXXXXXXXX

  Status: Pending terminal enrollment

  Key Usage: General Purpose

  Fingerprint:  cfbf4e3e 0e0e4f9c 6a558f53 0915890b

  Associated Trustpoint: ManagementCert2013

Marvin Rhoads Sat, 10/19/2013 - 20:03

Did you remove your old trustpoint association?


Please provide the complete output of "show run ssl" to confirm.
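
A check over the "show crypto ca certificates" output quoted in the question, as an added example that is not part of the original thread: it parses the output and reports a trustpoint whose identity certificate is not in Available status, and whose CA certificate slot holds a certificate whose subject CN is the device's own name. The sample text is constructed from fields shown in that output, and the function names are illustrative.

```python
import re

# Constructed sample: key fields condensed from the output quoted in the question.
SAMPLE = """\
CA Certificate
  Status: Available
  Subject Name:
    cn=pdc-asa-1.test.com
  Associated Trustpoints: ManagementCert2013
Certificate
  Subject Name:
    Name: pdc-asa-1.test.com
  Status: Pending terminal enrollment
  Associated Trustpoint: ManagementCert2013
"""

def parse_certs(text):
    """Split 'show crypto ca certificates' output into one dict per block."""
    certs, cur, section = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("CA Certificate", "Certificate"):   # block header
            cur = {"kind": line, "status": None, "subject": [], "trustpoints": ""}
            certs.append(cur)
            section = None
        elif not line or cur is None:                   # blank line or text before first block
            continue
        elif line.endswith(":"):                        # "Subject Name:", "Issuer Name:", ...
            section = line[:-1]
        elif m := re.match(r"(Status|Associated Trustpoints?):\s*(.+)", line):
            section = None
            key = "status" if m.group(1) == "Status" else "trustpoints"
            cur[key] = m.group(2)
        elif section == "Subject Name":
            cur["subject"].append(line)
    return certs

def findings(certs):
    """Explain why a trustpoint has no usable identity certificate."""
    out = []
    for c in (x for x in certs if x["kind"] == "Certificate"):
        tp = c["trustpoints"]
        if c["status"] != "Available":
            out.append(f"{tp}: identity certificate status is '{c['status']}'")
        name = next((s[5:].strip() for s in c["subject"] if s.startswith("Name:")), None)
        for ca in (x for x in certs if x["kind"] == "CA Certificate"):
            shared = set(ca["trustpoints"].split()) & set(tp.split())
            if name and shared and f"cn={name}" in ca["subject"]:
                out.append(f"{tp}: CA certificate slot holds a certificate issued to {name}")
    return out
```

Run against the full output in the question, both checks fire for ManagementCert2013.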
