Cisco Support Community

Using built-in CA server ASA5505 config?

I’m interested in using the built-in CA server in an ASA5505. I wonder if anyone has a good guide or step-by-step instructions for activating the CA server, generating a root certificate, letting the ASA itself get a signed client certificate and then using all this to authenticate VPN clients. I have searched the CCO and found some instructions, but they are so general and too cumbersome. How do you usually distribute the client certificate to the clients?

1 REPLY

Re: Using built-in CA server ASA5505 config?

Hi,

The local CA feature on the ASA is very limited; take a look:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html

Normally, you configure the ASA as the VPN server, configure the authentication to be rsa-signatures and create the self-signed certificate on the ASA (to enable the CA functionality).

Then, each client is configured to enroll with the CA server (ASA), in this way obtaining the certificate.

Each client must have the CA certificate and an identity certificate of its own.

Federico.
