
Using an ASA 5505 as a Certificate Authority and Distribution Point?

zibazadek
Level 1

I had a question about the limitations of an ASA 5505 and using it as a CA. The setup would be as follows:

2 ASA 5520s set up for high availability failover.

1 ASA set up with a local CA server.

If I had to set up a VPN to connect to an interface on the ASA 5520s and wanted to require certificates as a secondary authentication, could they use an ASA 5505 as a CA to retrieve and verify stored certificates? The issue I ran into was not being able to set up a local CA server on the failover pair, and I was hoping to use an ASA 5505 with a local CA server to act as a distribution point. I have been researching various configurations similar to this but have not found definitive information on whether it is even possible.

If someone could verify if this is even possible and / or point me in the right direction it would be greatly appreciated.

Thank you,

Rick

1 Reply

You can only create self-signed certificates using the ASA, or import an identity certificate from a 3rd party CA. The ASA unfortunately can only issue user certificates to users or PCs via downloading from a website; they cannot complete CSR requests.

--
Please remember to select a correct answer and rate helpful posts