Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5520 Anyconnect replacing identity certificate

Hopefully someone can give me a quick answer to my query, we currently have a remote access asa setup using Anyconnect with self signed certificate, and several users in the certificate database as we are using radius and certificate for authentication.

I want to purchase and obtain a trusted CA signed certificate (such as Verisign) and replace the current self signed cert.

My question is will I have to reset the current CA server of the ASA and replace the certificate user database? ie start from scratch.                 

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Re: ASA5520 Anyconnect replacing identity certificate

No, you don't have to start from scratch. It's quite common to have the ASA-identity-cert from a public CA, but the user-certs are from a private CA. With your change you achieve exactly this scenario.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
2 REPLIES
VIP Purple

Re: ASA5520 Anyconnect replacing identity certificate

No, you don't have to start from scratch. It's quite common to have the ASA-identity-cert from a public CA, but the user-certs are from a private CA. With your change you achieve exactly this scenario.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

ASA5520 Anyconnect replacing identity certificate

Thanks that makes sense

718
Views
0
Helpful
2
Replies