Refresh configuration in ASDM, and verify from there also that certificates are under the same trustpoint.ġ4.
To sign the server's certificate request using the CA's key, use the following command:Īt this point, the certificate configuration should look like this (both certificates are under the same trustpoint):Ĭrypto ca certificate chain ASDM_Trustpoint0 Sign the Server Certificate Request Using the CA "ciscoasa" there (my default cisco hostname)Ĭlick Add Certificate, and save the certificate request to a file, e.g. Add same values as for the client, except for the Common Name (CN) field. Select the subject DN fields by clicking Select. The certificate will be moved to the same trustpoint manually later. Thus, a different trustpoint must be selected compared to what was used for the CA certificate. There is a bug in ASA which prevents creating the identity certificate directly in an existing trustpoint. In Cisco ASDM, select Configuration - Certificate Management - Identity Certificates. Trustpoint name can be left as the default, or it can be changed to something more descriptive.Ĭlick Install Certificate. Log in to Cisco ASA using ASDM tool, and open Configuration - Remote Access VPN - Certificate Management - CA Certificates.Ĭlick Add, and in Install from a file -field, browse the CA certificate file created previously. Enter password to unpack and install the certificateġ0. Goto Settings: Location & Security / Install Certificate from SDcard Copy client_crt.p12 to the root of the SDcard The pkcs#12 file is now ready to imported to an Android device: Openssl pkcs12 -export -out client_crt.p12 -inkey client_key.pem -in client_crt.pem -certfile CA_crt.pem
0 kommentar(er)
