Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN 3000 series Concentrator -X.509 Certificates

Is it possible for the VPN 3000 series Concentrator to generate the X.509 digital certificates or do you need to obtain the X.509 certificates from an outside vendor like Verisign? This is for an IPsec environment. Can the VPN Concentrator be used as a Certificate Server (CS)?

New Member

Re: VPN 3000 series Concentrator -X.509 Certificates

The VPN Concentrator supports X.509 digital certificates (International Telecommunications Union Recommendation X.509), including SSL (Secure Sockets Layer) certificates that are self-signed or issued in a PKI context.

Step 1 Display the Administration | Certificate Management screen. (See Figure 11-1.)

Step 2 Click Generate above the SSL Certificate table. The new certificate displays in the SSL Certificate table, replacing the existing one.

New Member

Re: VPN 3000 series Concentrator -X.509 Certificates

Hi Abhishek Neelakanta


Thank you very much for your response. I would like to know what are the real world lessons learned and /or encountered in using the X.509 digital certificates (not the SSL) in the VPN 3000 series concentrators and current Cisco ASA 5500 series platforms? whether the VPN concentrator can itself generate the X.509 certificate or not? I would appreciate your response as soon as possible. Thank you for your time and support.

New Member

Re: VPN 3000 series Concentrator -X.509 Certificates

SSL adopts the X.509 hierarchical certificate system.

X.509 is an ITU-T standard for a public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm

X.509 is a standard and SSL follows that, and VPN conc. and ASA5500 follows the self signed ssl cert.

Let me know if this answered your questions.