Cisco Support Community

Wildcard SSL cert on ASA

Is it possible to use a wildcard SSL cert on an ASA? That is, instead of getting a specific cert with the FQDN of the ASA, we would use the wildcard cert issued?

Accepted Solutions

Re: Wildcard SSL cert on ASA

Absolutely, it's especially needed in ASA VPN load-balancing environments. When you connect to an FQDN that translates to a load-balancing IP, one of the ASAs will do an HTTP redirect to its individual hostname; your browser (or AnyConnect) will attempt that connection, and the ASA needs to have a certificate for that specific hostname. Having a wildcard cert on all ASAs resolves this. I've got this running on several customers.

If you need help with configuration, let me know.

You can either generate private keys on the ASA (and later export it to another ASA or other non-Cisco devices), or you could import an existing wildcard certificate with the private keys (in PKCS12-BASE64 format).

Regards,

Roman
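
The hostname check behind the answer above, as an added example that is not part of the original post: it applies the standard single-label wildcard matching rule (RFC 6125) to a load-balancing cluster and reports which names a certificate would fail to cover. The cluster and member hostnames under `example.com` are constructed for illustration.

```python
"""Check which VPN cluster hostnames a certificate's names actually cover."""


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Strict RFC 6125-style match.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.example.com' covers 'asa1.example.com' but
    neither 'example.com' nor 'asa1.dc1.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    # No wildcard (or a '*' in an unsupported position): exact match only.
    return p == h


def uncovered_hosts(cert_names, hostnames):
    """Return the hostnames that none of the certificate names cover."""
    return [
        host
        for host in hostnames
        if not any(wildcard_matches(name, host) for name in cert_names)
    ]


# Constructed cluster: the shared load-balancing FQDN plus the individual
# member hostnames that clients are redirected to.
CLUSTER = ["vpn.example.com", "asa1.example.com", "asa2.example.com"]

if __name__ == "__main__":
    # A certificate issued only for the cluster FQDN fails after the redirect.
    print("single-name cert misses:", uncovered_hosts(["vpn.example.com"], CLUSTER))
    # A wildcard certificate covers the cluster name and every member.
    print("wildcard cert misses:   ", uncovered_hosts(["*.example.com"], CLUSTER))
    # Members named one level deeper are NOT covered by the same wildcard.
    print("nested member covered:  ",
          wildcard_matches("*.example.com", "asa1.dc1.example.com"))
```

If the individual ASA hostnames sit more than one label below the wildcard's domain, the wildcard certificate will not cover them and clients will see a name mismatch after the redirect.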

2 REPLIES

Wildcard SSL cert on ASA

Roman,

I'm working on an ASA5520 and also want to use wildcard certificates, but am confused about the export and import of the CSR and keys. I found documentation on how to create the CSR, but when I try to use the CSR on the Entrust certificate request site, there is always information within the CSR that ties it back to the ASA that created the CSR. I found some docs that state to leave the FQDN as "none". Any help you can provide?
