Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
863
Views
0
Helpful
1
Replies

How to apply 3rd party cert to Cisco 1811 ISR (using SDM not working)?

hamdodger
Level 1
Level 1

‎09-30-2009 11:06 AM - edited ‎03-09-2019 10:36 PM

I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN. I have tried using SDM 2.5, but that doesn't appear to be working. I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN.

I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router. The router always defaults to its self-signed cert.

Any help or pointers would be greatly appreciated.

Labels:
0 Helpful
1 Reply 1

jelloyd
Cisco Employee
Cisco Employee

‎02-18-2011 07:46 AM

You would need to manually configure your trustpoint in the CLI and point the enrollment URL to the 3rd party CA.  Then you would have to authenticate the trustpoint to get the root CA.  Then you would need to enroll with the trustpoint to generate a CSR (Certificate Signing Request) to send to the 3rd part CA for your ID cert.  Once you get the ID cert back, you would then need to import them.  This is referred to commonly as the cut-and-paste method and is described in details here:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki.html#wp1073636

0 Helpful
Customers Also Viewed These Support Documents