Cisco Support Community
New Member

Multiple certificates on an ASA for SSL VPN (different URLs)

I want to install multiple (real) certificates on an ASA for the purpose of using multiple SSL VPN pages. For instance:

www.server1.com/portal1 (resolves to outside IP of ASA and gets assigned a tunnel-group via the /portal1)

www.server2.com/portal2 (also resolves to outside IP of ASA, but gets assigned a different tunnel-group via /portal2)

I have installed the public cert for server1.com and it works fine. However, it looks like you can only bind one certificate to an interface. Since you can clearly install many certificates on the box, I assume there has to be a way to bind multiple certs to the outside interface (or map them to different tunnel-groups). The only certificate mapping stuff I see in ASDM is for client certificate authentication stuff.

Any help would be greatly appreciated.

Thanks,

Dave

3 REPLIES
New Member

Re: Multiple certificates on an ASA for SSL VPN (different URLs)

Resolved. This is not possible.

New Member

Re: Multiple certificates on an ASA for SSL VPN (different URLs)

Hi, I'm looking into the same issue. One workaround I just came across is "UC certificates" that have multiple subjects under the same cert. There are obvious issues with scalability and ongoing management, but it may be useful in your case. Take a look at:

http://www.digicert.com/subject-alternative-name.htm

Let me know if you come across any other solutions/workarounds.
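The multi-name (SAN) certificate workaround mentioned in the reply above, sketched with OpenSSL as an added example that is not part of the original posts: it builds one key and one CSR listing both hostnames from the question, then checks which names the request actually carries before it goes to a CA. The file names `vpn.key` and `vpn.csr` and the helper function names are assumptions, and `-addext` assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example (constructed): one key and one CSR naming several VPN hostnames.
set -eu

# make_san_csr DIR NAME... : writes DIR/vpn.key and DIR/vpn.csr (assumed file names).
# The first NAME becomes the CN; every NAME goes into subjectAltName.
make_san_csr() {
  local dir=$1 san="" n
  shift
  for n in "$@"; do san="${san:+$san,}DNS:$n"; done
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$dir/vpn.key" -out "$dir/vpn.csr" \
    -subj "/CN=$1" -addext "subjectAltName=$san" 2>/dev/null
}

# csr_sans CSR : prints the dNSName entries of the request, one per line.
csr_sans() {
  openssl req -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# covers CSR HOST : succeeds only if HOST is listed verbatim as a dNSName
# (exact match only; wildcard entries are not expanded here).
covers() {
  csr_sans "$1" | grep -xF "$2" >/dev/null
}

# Demo with the two hostnames from the question plus one that is not requested.
dir=$(mktemp -d)
make_san_csr "$dir" www.server1.com www.server2.com
for h in www.server1.com www.server2.com www.server3.com; do
  if covers "$dir/vpn.csr" "$h"; then echo "$h: listed"; else echo "$h: MISSING"; fi
done
```

Every hostname added later means a new CSR and a reissued certificate, which is the ongoing-management cost the reply refers to.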

New Member

Re: Multiple certificates on an ASA for SSL VPN (different URLs)

Thanks for your reply. Your workaround is the only one I've been able to come up with myself, too. And it is not feasible as an ongoing solution in this case. The customer wound up purchasing an ACE server to do SSL acceleration.

Dave
