Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to configure a CA certificate on the management interface of ASA

I am trying to install a CA issued certificate into an ASA and need to apply it to the management interface.

I am able to successfully create the certificate in the ASA but when I access the ASA's mangement IP via web browser, I am still getting self signed certificate instead of the one I created from the CA. What am I missing?

crypto key generate rsa label tsp.gov.key modulus 2048

crypto ca trustpoint ManagementCert2013

enrollment terminal

subject-name CN=pdc-asa-1.test.com,OU=Network,O=FRTIB,C=US,St=PA,L=Pittsburgh

serial-number

fqdn pdc-asa-1.test.com

keypair test.com.key

exit

crypto ca enroll ManagementCert2013 

crypto ca authenticate ManagementCert2013

ssl trust-point ManagementCert2013 management

sho crypto ca certificates ManagementCert2013

CA Certificate

  Status: Available

  Certificate Serial Number: 11999746000200000a75

  Certificate Usage: General Purpose

  Public Key Type: RSA (2048 bits)

  Signature Algorithm: SHA1 with RSA Encryption

  Issuer Name:

    cn=TSPOCA

   dc=test

    dc=com

  Subject Name:

    cn=pdc-asa-1.test.com

    ou=Network

    o=TEST

    l=Pittsburgh

    st=PA

    c=US

    hostname=pdc-asa-1.test.com

    serialNumber=XXXXXXXXX

  CRL Distribution Points:

    [1]  ldap:///CN=TSPOCA(2),CN=mprd-cert-app-2,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=test,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint

    [2]  http://cdp.test.com/CertEnroll/TSPOCA(2).crl

  Validity Date:

    start date: 10:54:34 UTC Oct 16 2013

    end   date: 10:54:34 UTC Oct 16 2015

  Associated Trustpoints: ManagementCert2013

Certificate

  Subject Name:

    Name: pdc-asa-1.test.com

    Serial Number: XXXXXXXXX

  Status: Pending terminal enrollment

  Key Usage: General Purpose

  Fingerprint:  cfbf4e3e 0e0e4f9c 6a558f53 0915890b

  Associated Trustpoint: ManagementCert2013

1 REPLY
Hall of Fame Super Silver

How to configure a CA certificate on the management interface of

Did you remove your old trusptoint association?

Please provide the complete output of "show run ssl" to confirm.

478
Views
0
Helpful
1
Replies
CreatePlease to create content