Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using an ASA 5505 as a Certificate Authority and Distribution Point?

I had a question about the limitations of an ASA 5505 and using it as CA. The setup would be as follows:

2 ASA 5520's in set up for high availability failover.

1 ASA set up with a local CA server.

If I had to set up VPN to connect to an interface on the ASA 5520's and wanted to require certificates as a secondary authentication could they use an ASA 5505 as a CA to retrieve and verify stored certificates? The issue I ran in to was not being able to set up a local CA server on the failover pair and was hoping to use an ASA 5505 with a local CA server to act as a distribution point. I have been researching various configurations similar to this but have not found definitive information if it is even possible.

If someone could verify if this is even possible and / or point me in the right direction it would be greatly appreciated.

Thank you,


VIP Green

Using an ASA 5505 as a Certificate Authority and Distribution Po

You can only create self signed certificates using the ASA, or import a identity certificate from a 3rd party CA.  The ASA unfortunately can only issue user certificates to users or PCs via downloading from a website, they cannot complete CSR requests.


Please remember to rate and select a correct answer
CreatePlease to create content