
How to configure a CA certificate on the management interface of ASA

captainbluff
Level 1

I am trying to install a CA issued certificate into an ASA and need to apply it to the management interface.

I am able to successfully create the certificate in the ASA, but when I access the ASA's management IP via web browser, I am still getting the self-signed certificate instead of the one I created from the CA. What am I missing?

crypto key generate rsa label tsp.gov.key modulus 2048
crypto ca trustpoint ManagementCert2013
 enrollment terminal
 subject-name CN=pdc-asa-1.test.com,OU=Network,O=FRTIB,C=US,St=PA,L=Pittsburgh
 serial-number
 fqdn pdc-asa-1.test.com
 keypair test.com.key
 exit
crypto ca enroll ManagementCert2013
crypto ca authenticate ManagementCert2013
ssl trust-point ManagementCert2013 management
sho crypto ca certificates ManagementCert2013

CA Certificate
  Status: Available
  Certificate Serial Number: 11999746000200000a75
  Certificate Usage: General Purpose
  Public Key Type: RSA (2048 bits)
  Signature Algorithm: SHA1 with RSA Encryption
  Issuer Name:
    cn=TSPOCA
    dc=test
    dc=com
  Subject Name:
    cn=pdc-asa-1.test.com
    ou=Network
    o=TEST
    l=Pittsburgh
    st=PA
    c=US
    hostname=pdc-asa-1.test.com
    serialNumber=XXXXXXXXX
  CRL Distribution Points:
    [1]  ldap:///CN=TSPOCA(2),CN=mprd-cert-app-2,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=test,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
    [2]  http://cdp.test.com/CertEnroll/TSPOCA(2).crl
  Validity Date:
    start date: 10:54:34 UTC Oct 16 2013
    end   date: 10:54:34 UTC Oct 16 2015
  Associated Trustpoints: ManagementCert2013

Certificate
  Subject Name:
    Name: pdc-asa-1.test.com
    Serial Number: XXXXXXXXX
  Status: Pending terminal enrollment
  Key Usage: General Purpose
  Fingerprint:  cfbf4e3e 0e0e4f9c 6a558f53 0915890b
  Associated Trustpoint: ManagementCert2013

1 Reply

Marvin Rhoads
Hall of Fame

Did you remove your old trustpoint association?

Please provide the complete output of "show run ssl" to confirm.
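
The following check is an added example, not part of either post and not Cisco's code. It parses `show crypto ca certificates` output in the layout posted in the question and flags two conditions visible there: the trustpoint's identity certificate is not in `Status: Available`, and a CA certificate entry carries the device's own name as subject. The function names, finding labels and trimmed sample are constructed, and treating these conditions as worth a manual check is this example's assumption.

```python
import re

# Constructed sample, trimmed to the layout of the output posted in the question.
SAMPLE = """\
CA Certificate
  Status: Available
  Issuer Name:
    cn=TSPOCA
  Subject Name:
    cn=pdc-asa-1.test.com
  Associated Trustpoints: ManagementCert2013
Certificate
  Subject Name:
    Name: pdc-asa-1.test.com
  Status: Pending terminal enrollment
  Associated Trustpoint: ManagementCert2013
"""

def parse_certs(text):  # one dict per "CA Certificate" / "Certificate" block
    certs, cur, field = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        if not line or (indent and cur is None):
            continue                      # blank line, or detail before any block header
        if indent == 0:                   # unindented line starts a new block
            cur = {"kind": line, "status": None, "subject": None, "trustpoints": []}
            certs.append(cur)
        elif indent <= 2:                 # "Key: value" field of the current block
            field, _, value = line.partition(":")
            if field == "Status":
                cur["status"] = value.strip()
            elif field.startswith("Associated Trustpoint"):
                cur["trustpoints"] = value.split()
        elif field == "Subject Name" and not cur["subject"]:
            # Only lines under "Subject Name" count, so the issuer's cn is never taken.
            m = re.match(r"(?:cn=|Name:\s*)(\S+)", line, re.I)
            cur["subject"] = m.group(1).lower() if m else None
    return certs

def trustpoint_findings(text, trustpoint):  # labels are hypothetical names
    certs = [c for c in parse_certs(text) if trustpoint in c["trustpoints"]]
    ident = [c for c in certs if c["kind"] == "Certificate"]
    own = {c["subject"] for c in ident if c["subject"]}
    findings = []
    if not any(c["status"] == "Available" for c in ident):
        findings.append("identity-cert-not-installed")   # e.g. still pending enrollment
    if any(c["kind"] == "CA Certificate" and c["subject"] in own for c in certs):
        findings.append("ca-entry-has-device-subject")   # CA slot may hold the device cert
    return findings
```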
