Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1220
Views
0
Helpful
6
Replies

FQDN

Go to solution
networker101
Level 1
Level 1

‎05-17-2010 03:20 AM - edited ‎03-11-2019 10:46 AM

Hi,

Can I use an IP address for FQDN on the ASA? or will it have to be a domain name. The current SSL is self signed and it is used for webvpn.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to networker101

‎05-17-2010 03:50 AM

Did you have "fqdn none" when you generate the CSR to GoDaddy? If you already have "fqdn none" under the trustpoint that you have

created for the GoDaddy certificate, then you would need to contact GoDaddy to issue you with certificate with only IP Address in the subject-name.

Please double check that you have "fqdn none" configured under the trustpoint.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎05-17-2010 03:31 AM

Definitely can.

I have just quickly lab it, and here is the steps:

crypto key generate rsa label mykey modulus 1024

crypto ca trustpoint myTP2
enrollment self
fqdn none
subject-name cn=100.1.1.1
keypair mykey

crypto ca enroll myTP2


Here is the output for your reference:

ASA(config)# sh cry ca cert
Certificate
  Status: Available
  Certificate Serial Number: 31
  Certificate Usage: General Purpose
  Public Key Type: RSA (1024 bits)
  Issuer Name:
    cn=100.1.1.1
  Subject Name:
    cn=100.1.1.1
  Validity Date:
    start date: 01:45:50 UTC May 17 2010
    end   date: 01:45:50 UTC May 14 2020
  Associated Trustpoints: myTP2

Hope that helps.

0 Helpful

Go to solution
networker101
Level 1
Level 1
In response to Jennifer Halim

‎05-17-2010 03:39 AM

Thanks for that, but when i submit it to Godaddy to retrieve the SSL certificate it does not issue it has the FQDN has an ip address.

Regards

Frank

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to networker101

‎05-17-2010 03:50 AM

Did you have "fqdn none" when you generate the CSR to GoDaddy? If you already have "fqdn none" under the trustpoint that you have

created for the GoDaddy certificate, then you would need to contact GoDaddy to issue you with certificate with only IP Address in the subject-name.

Please double check that you have "fqdn none" configured under the trustpoint.

0 Helpful

Go to solution
networker101
Level 1
Level 1
In response to Jennifer Halim

‎05-17-2010 03:59 AM

ok thanks i will do.

One more thing if you dont mind, can you give me your spec of your lab? I am in the process of putting one together not sure on the hardware etc.

Thanks

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to networker101

‎05-17-2010 04:08 AM

It's ASA 5510 with base license, running version 7.2.4.

0 Helpful

Go to solution
networker101
Level 1
Level 1
In response to Jennifer Halim

‎05-17-2010 04:09 AM

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card