
Client certificate authentication on ASA 5520


We have configured certificate authentication for remote access IPsec VPN and it is working fine. This is using the same internal Certificate Authority server for both the identity certificate of the ASA and the client certificates issued to remote clients.

We now wish to use a different CA which is a subordinate of the existing CA for client certificates - we want to keep the existing identity certificate using the root CA.

How do we ensure that the ASA will authenticate clients using certificates published by the old root CA and the new subordinate CA? What is the process to follow on the GUI to do this? Do I just add another CA certificate under the 'certificate management>CA certificates' window with a new ASDM trustpoint, or are there more steps?
