SEC0014 - Certificate Installation on Router and ASA

The video demonstrates how to install an SSL certificate on a Cisco router and an ASA firewall, both manually and via SCEP. A Windows 2008 server running an Enterprise CA is used in this lab to provide auto-enrollment. For manual enrollment, a Certificate Signing Request (CSR) is created on the network device and submitted to the CA through web enrollment. The issued certificate is then imported to the device. SCEP, on the other hand, automates the enrollment process into a single command through an HTTP transaction, provided the CA is reachable from the devices. The installed certificate will be used for certificate authentication in our subsequent labs.

Topics include
  • Manual Certificate Installation on Cisco Router
  • SCEP Certificate Installation on Cisco Router and ASA
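
The two enrollment paths described above, as an added configuration sketch (not taken from the video or the lab document). The key labels, host names and the Microsoft SCEP URL path are assumptions for illustration; ROOT-CA is used as the trustpoint name.

```cisco
! Constructed lab values: ROOT-CA, R1-KEY, ASA-KEY, *.lab.example
!
! --- Router, manual enrollment (CSR copied to CA web enrollment) ---
crypto key generate rsa label R1-KEY modulus 2048
crypto pki trustpoint ROOT-CA
 enrollment terminal pem
 subject-name CN=r1.lab.example
 rsakeypair R1-KEY
 exit
! Paste the CA certificate, then confirm its fingerprint out of band
crypto pki authenticate ROOT-CA
! Prints the CSR; submit it to the CA through web enrollment
crypto pki enroll ROOT-CA
! Paste the certificate the CA issued
crypto pki import ROOT-CA certificate
!
! --- Router, SCEP enrollment (alternative to the manual trustpoint) ---
crypto pki trustpoint ROOT-CA
 enrollment url http://ca.lab.example/certsrv/mscep/mscep.dll
 subject-name CN=r1.lab.example
 rsakeypair R1-KEY
 exit
! Fetches the CA certificate over HTTP; verify the fingerprint before accepting
crypto pki authenticate ROOT-CA
! Prompts for the challenge password, then requests the certificate
crypto pki enroll ROOT-CA
!
! --- ASA, SCEP enrollment ---
crypto key generate rsa label ASA-KEY modulus 2048
crypto ca trustpoint ROOT-CA
 enrollment url http://ca.lab.example/certsrv/mscep/mscep.dll
 subject-name CN=fw1.lab.example
 keypair ASA-KEY
 exit
crypto ca authenticate ROOT-CA
crypto ca enroll ROOT-CA
!
! Verify the installed CA and identity certificates
! Router: show crypto pki certificates
! ASA:    show crypto ca certificates
```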

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

10 comments

Hi

What is the password that you enter when you try to get the CER to the FW?

In the video we just use cisco, but you can pretty much enter anything as long as your SCEP server is not set to challenge password; otherwise you need to match the password on your server.

How can I check the password with the server, and how can I get it from the server?

How can I let the server check the password?

The password is randomly generated by default and it can be obtained from a webpage on the server. Please see the following two videos.

http://www.labminutes.com/sec0009_windows_2008_ca_scep_install

http://www.labminutes.com/sec0011_windows_2008_ca_auto_enrollment

Hi,
Thanks for this video
I have a problem enrolling the CA into the ASA firewall.
I already set the auto-enrollment options, but I cannot enroll the CA in the ASA firewall.
I type crypto ca enroll ROOT-CA, and after that a message pops up:
"Certificate request sent to Certificate Authority."
"FW1(config)# %The current certificate enrolment session is cancelled."
Also, I typed the command debug crypto ca transactions.
There are some error messages:
"Failed to cache certificate chain for the trustpoint ROOT-CA or non available"
"Unable to read CA/RA certificates.Error processing auth response. Unable to send PKI requestCrypto CA thread sleeps!"
Is that problem from the CA server?

Thanks

I found the problem; it comes from the CA server.
My ASA firewall IOS does not support SHA2, however my CA server is using SHA2.
Therefore, I cannot enroll the CA into my ASA firewall.

Thanks~

Did you change the cert template on CA to SHA1 or upgrade your ASA to make it support SHA2?

I changed it already.. it is working.
When I install the cert on my computer, it still has a red cross,
because SHA1 is not supported by browsers at all now.
So, I installed the CA server again and changed to SHA2.
Thanks

Hi,
How did you configure the internet VRF on that switch? Is that a kind of VRF routing in a VLAN?
Thanks

You just create a VRF and associate L3 interfaces (routed port or SVI) with it.