Cisco Support Community

New Member

ISA 500 Series Remote Administration Certificates

Hi,

I've enabled remote management of an ISA550w and I'm only allowing https connections.  Is it possible to provide a certificate for remote admin of the device?  I have uploaded a certificate from a trusted CA to the device, but it only seems to present the default self signed certificate when connecting from an external IP.  I would prefer to see a proper certificate when connecting.

Thanks in advance for any advice you can offer on this.

8 REPLIES
New Member

ISA 500 Series Remote Administration Certificates

Just to clarify the above, I have selected the imported certificate (for which the CSR was generated by the device) in:
Administrator Settings->Web Server SSL Certificate

The device did reboot after this, but I have tried manually restarting too.  I have triple checked that the 'real' certificate is still selected in the UI, however the device persists in presenting its self signed certificate.

ISA 500 Series Remote Administration Certificates

Are you certain it's still using the default or are you getting the Certificate Warning when you browse to it and assuming it's using the default?  The reason that I ask is that you need to ensure your certificate matches whatever the ISA is being accessed with (i.e. IP Address, FQDN, etc.).  Probably a dumb question but thought I'd ask.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
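
One way to settle the question above (is the device really serving its default certificate, or is the browser warning only a name mismatch?) is to compare the SHA-256 fingerprint of the certificate presented on the wire with the certificate file that was uploaded. This is an added example, not part of the original thread and not Cisco code; the function names and the two command-line arguments (host, path to the PEM file) are assumptions.

```python
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate in a PEM file, in file order.
    A file downloaded from a CA may be a bundle (server cert plus intermediates)."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)]

def fetch_presented_der(host, port=443, timeout=5.0):
    """Return the leaf certificate the server presents, as DER bytes.
    Verification is switched off so that a self-signed default certificate
    can still be read; the bytes are only compared here, never trusted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def diagnose(presented_der, pem_text):
    """Say whether the presented certificate is one of those in the PEM file."""
    presented = hashlib.sha256(presented_der).hexdigest()
    prints = pem_fingerprints(pem_text)
    if not prints:
        return "no certificate found in the file"
    if presented == prints[0]:
        return "device presents the uploaded certificate"
    if presented in prints:
        return "device presents a certificate from the file, but not the first one"
    return "device presents a different certificate"

if __name__ == "__main__":
    import sys
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path) as fh:
        print(diagnose(fetch_presented_der(host), fh.read()))
```

If the result is "device presents the uploaded certificate" and the browser still warns, the problem is the name used to reach the device rather than the certificate selection.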

New Member

Re: ISA 500 Series Remote Administration Certificates

Hi Shawn,

Unfortunately it is still the self signed cert. It's identified by the MAC address of the device. The cert I provided is based on a FQDN, so I could understand the warning if I accessed it via IP alone, but I get the same error when I connect using the FQDN too.

Sent from Cisco Technical Support iPhone App

Re: ISA 500 Series Remote Administration Certificates

Hmmm.  That is strange.  Might be a bug.  I'd open a case with SBSC to investigate further.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

New Member

Re: ISA 500 Series Remote Administration Certificates

Thanks Shawn,

I'll open a support call and see what comes out.  I can definitely understand the possibility of it being a bug - though it's quite fundamental; I guess some weird edge-case that wasn't caught in testing the firmware, or I've missed something fundamental myself.

I'll post back with what the resolution ends up being.

Cisco Employee

Re: ISA 500 Series Remote Administration Certificates

Hi Dominic,

Who is the CA that issued the certificate?  We've had some issues with certificates issued from some CAs that have to do with the format of the certificate.  When you open a case, we'll want to look at the certificate file provided from the CA.  Also, please let me know the case number once it's created.

Thanks,

Brandon

Cisco Employee

Re: ISA 500 Series Remote Administration Certificates

Hi Dominic,

Did you open a case for this?

Thanks,

Brandon

New Member

Re: ISA 500 Series Remote Administration Certificates

Hi Brandon,

Sorry for the delayed response, I'm the only tech person in the firm (small business!), and have been focussed on client issues.  This device is for my firm though so took lower priority.

The certificate was issued by GoDaddy/Starfield.

The support case number is: 626848971

One question from my side... I'm usually dealing with clients during normal UK business hours which is the time when the Cisco UK support centre is open.  Is it acceptable to use the US support centre given that this is more of a software issue rather than something that would require the device to be returned to Cisco?  I tend to deal with my firm's own admin after the end of the UK business day.  I also find that when I do find a few minutes to attempt to contact the UK centre, it takes a long time to get a response via live chat - understandable if call volumes are high, but I often have to go off to work with my clients before I can get through.

Many Thanks,

Dominic
