Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
1
Replies

Create self enrolled Certificate for WebVPN

Go to solution
mellowgb59
Level 1
Level 1

‎08-22-2006 12:27 PM

I am trying to create a self enrolled certificate for use in our lab for testing on ans ASA5520. A Cisco tech helped me create one once and I don't remember all the steps on how this was done. Can anyone help with this?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
puagarwa
Level 1
Level 1

‎08-23-2006 03:07 PM

You can create a new trustpoint on the ASA, configured it for

"enrollment self" like this.

1. Configure the trustpoint. (You can have multiple CN's one for IP

address and one for FQDN, this will allow connecting via IP address or

hostname without a cert warning)

wb5540-FO(config)# sh run cry ca tr selfsigned

crypto ca trustpoint selfsigned

enrollment self

subject-name CN=10.10.1.1, CN=wb5540-FO.cisco.com

crl configure

2. Enroll the trustpoint

crypto ca enroll selfsigned

% The fully-qualified domain name in the certificate will be: wb5540-FO

% Include the device serial number in the subject name? [yes/no]: n

Generate Self-Signed Certificate? [yes/no]: y

wb5540-FO(config)#

3. View the resulting certificate

wb5540-FO(config)# sh cry ca cer selfsigned

Certificate

Status: Available

Certificate Serial Number: 31

Certificate Usage: General Purpose

Public Key Type: RSA (1024 bits)

Issuer Name:

hostname=wb5540-FO

cn=10.10.1.1

cn=wb5540-FO.cisco.com

Subject Name:

hostname=wb5540-FO

cn=10.10.1.1

cn=wb5540-FO.cisco.com

Validity Date:

start date: 13:47:37 UTC Jan 25 2006

end date: 13:47:37 UTC Jan 23 2016

Associated Trustpoints: selfsigned

4. To assigned it to be used for SSL configure it like this:

ssl trust-point selfsigned

View solution in original post

0 Helpful
1 Reply 1

Go to solution
puagarwa
Level 1
Level 1

‎08-23-2006 03:07 PM

You can create a new trustpoint on the ASA, configured it for

"enrollment self" like this.

1. Configure the trustpoint. (You can have multiple CN's one for IP

address and one for FQDN, this will allow connecting via IP address or

hostname without a cert warning)

wb5540-FO(config)# sh run cry ca tr selfsigned

crypto ca trustpoint selfsigned

enrollment self

subject-name CN=10.10.1.1, CN=wb5540-FO.cisco.com

crl configure

2. Enroll the trustpoint

crypto ca enroll selfsigned

% The fully-qualified domain name in the certificate will be: wb5540-FO

% Include the device serial number in the subject name? [yes/no]: n

Generate Self-Signed Certificate? [yes/no]: y

wb5540-FO(config)#

3. View the resulting certificate

wb5540-FO(config)# sh cry ca cer selfsigned

Certificate

Status: Available

Certificate Serial Number: 31

Certificate Usage: General Purpose

Public Key Type: RSA (1024 bits)

Issuer Name:

hostname=wb5540-FO

cn=10.10.1.1

cn=wb5540-FO.cisco.com

Subject Name:

hostname=wb5540-FO

cn=10.10.1.1

cn=wb5540-FO.cisco.com

Validity Date:

start date: 13:47:37 UTC Jan 25 2006

end date: 13:47:37 UTC Jan 23 2016

Associated Trustpoints: selfsigned

4. To assigned it to be used for SSL configure it like this:

ssl trust-point selfsigned

0 Helpful
Customers Also Viewed These Support Documents