12-16-2008 12:55 PM - edited 02-21-2020 04:05 PM
I want to install multiple (real) certificates on an ASA for the purpose of using multiple SSL VPN pages. For instance:
www.server1.com/portal1 (resolves to outside IP of ASA and gets assigned a tunnel-group via the /portal1)
www.server2.com/portal2 (also resolves to outside IP of ASA, but gets assigned a different tunnel-group via /portal2)
I have installed the public cert for server1.com and it works fine. However, it looks like you can only bind one certificate to an interface. Since you can clearly install many certificates on the box, I assume there has to be a way to bind multiple certs to the outside interface (or map them to different tunnel-groups). The only certificate mapping stuff I see in ASDM is for client certificate authentication stuff.
Any help would be greatly appreciated.
Thanks,
Dave
12-17-2008 11:20 AM
Resolved. This is not possible.
02-20-2009 08:40 AM
Hi, I'm looking into the same issue. One workaround I just came across is "UC certificates" that have multiple subjects under the same cert. There are obvious issues with scalability and ongoing management, but it may be useful in your case. Take a look at:
http://www.digicert.com/subject-alternative-name.htm
Let me know if you come across any other solutions/workarounds.
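The SAN ("UC") certificate workaround from the reply above, as an added example that is not part of the original thread: a throwaway self-signed certificate is built with both portal hostnames as subjectAltName entries, and each name is then checked against it with openssl. The function names, file names and www.server3.com are assumptions for illustration; a production certificate would be issued by a public CA.

```shell
#!/bin/sh
# Added example: constructed test certificate, not a CA-issued one.

# make_san_cert OUTDIR NAME...
# Writes OUTDIR/key.pem and OUTDIR/cert.pem with every NAME listed as a
# DNS subjectAltName entry (the first NAME is also used as the CN).
make_san_cert() {
    outdir=$1; shift
    cn=$1
    sans=""
    for name in "$@"; do
        sans="${sans:+$sans,}DNS:$name"
    done
    cat > "$outdir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $cn
[v3]
subjectAltName = $sans
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$outdir/req.cnf" \
        -keyout "$outdir/key.pem" -out "$outdir/cert.pem" 2>/dev/null
}

# covers_host CERT HOSTNAME
# Exit 0 if hostname verification against CERT succeeds for HOSTNAME.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# Demo: the two portal hostnames from the thread plus one uncovered name.
demo() {
    dir=$(mktemp -d)
    make_san_cert "$dir" www.server1.com www.server2.com || return 1
    for h in www.server1.com www.server2.com www.server3.com; do
        if covers_host "$dir/cert.pem" "$h"; then echo "$h: covered"
        else echo "$h: NOT covered"; fi
    done
    rm -rf "$dir"
}
demo
```

Every hostname that resolves to the interface has to appear in the SAN list, so adding a portal later means reissuing and reinstalling the certificate.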
02-23-2009 05:55 AM
Thanks for your reply. Your workaround is the only one I've been able to come up with myself, too. And it is not feasible as an ongoing solution in this case. The customer wound up purchasing an ACE server to do SSL acceleration.
Dave