SEC0014 - Certificate Installation on Router and ASA
Category:
Security
The video demonstrates how to install an SSL certificate on a Cisco router and an ASA firewall, both manually and via SCEP. A Windows 2008 server running an Enterprise CA is used in this lab to provide auto-enrollment. For manual enrollment, a Certificate Signing Request (CSR) is created on the network device and submitted to the CA through web enrollment. The issued certificate is then imported to the device. SCEP, on the other hand, automates the enrollment process into a single command carried over an HTTP transaction, provided the CA is reachable from the devices. The installed certificate will be used for certificate authentication in our subsequent labs.
Topics include
- Manual Certificate Installation on Cisco Router
- SCEP Certificate Installation on Cisco Router and ASA
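The two enrollment paths described above, sketched as an added configuration example that is not taken from the video or its lab document. The trustpoint name ROOT-CA is the one used in the comments below; the key label LAB-KEY, the subject names and the CA address 192.0.2.10 are constructed placeholders, and the SCEP URL assumes the default path of the Windows SCEP service.

```cisco
! Constructed example: LAB-KEY, the CN values and 192.0.2.10 are placeholders.
! The two router trustpoints are alternatives; configure one or the other.

! --- Cisco router, manual enrollment ---
crypto key generate rsa label LAB-KEY modulus 2048
crypto pki trustpoint ROOT-CA
 enrollment terminal pem
 subject-name CN=r1.lab.example
 rsakeypair LAB-KEY
 exit
! Paste the CA certificate. Compare the fingerprint the router displays
! with the one shown on the CA itself before accepting it.
crypto pki authenticate ROOT-CA
! Prints the CSR to the terminal; submit it through the CA's web enrollment page.
crypto pki enroll ROOT-CA
! Paste the certificate the CA issued.
crypto pki import ROOT-CA certificate
show crypto pki certificates

! --- Cisco router, SCEP ---
crypto pki trustpoint ROOT-CA
 enrollment url http://192.0.2.10/certsrv/mscep/mscep.dll
 subject-name CN=r1.lab.example
 rsakeypair LAB-KEY
 exit
! The CA certificate arrives over plain HTTP, so the fingerprint check
! at this step is the only thing that authenticates the CA.
crypto pki authenticate ROOT-CA
! Prompts for a challenge password; it only has to match the server's
! value when the SCEP server is set to require one.
crypto pki enroll ROOT-CA

! --- ASA, SCEP ---
crypto key generate rsa label LAB-KEY modulus 2048
crypto ca trustpoint ROOT-CA
 enrollment url http://192.0.2.10/certsrv/mscep/mscep.dll
 subject-name CN=fw1.lab.example
 keypair LAB-KEY
 exit
crypto ca authenticate ROOT-CA
crypto ca enroll ROOT-CA
show crypto ca certificates
```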
10 comments
password
Hi
What is the password that you write when you try to get the CER to the FW?
Password
In the video we just use cisco, but you can pretty much enter anything as long as your SCEP server is not set to challenge password; otherwise you need to match the password on your server.
How can I check the password
How can I check the password with the server, and how can I get it from the server?
How can I let the server check the password?
The password is randomly
The password is randomly generated by default and it can be obtained from a webpage on the server. Please see the following two videos.
http://www.labminutes.com/sec0009_windows_2008_ca_scep_install
http://www.labminutes.com/sec0011_windows_2008_ca_auto_enrollment
Enroll CA into ASA Firewall
Hi,
Thanks for this video.
I have a problem enrolling the CA into the ASA Firewall.
I already set the auto-enrollment options, but I cannot enroll the CA in the ASA firewall.
I type crypto ca enroll ROOT-CA, and after that a message pops up:
"Certificate request sent to Certificate Authority."
"FW1(config)# %The current certificate enrolment session is cancelled."
Also, I typed the command debug crypto ca transactions.
There are some error messages:
"Failed to cache certificate chain for the trustpoint ROOT-CA or non available"
"Unable to read CA/RA certificates.Error processing auth response. Unable to send PKI requestCrypto CA thread sleeps!"
Is that problem from the CA Server?
Thanks
Enroll CA into ASA Firewall
I found the problem; it comes from the CA Server.
My ASA Firewall IOS does not support SHA2, however my CA server is using SHA2.
Therefore, I cannot enroll the CA into my ASA firewall.
Thanks~
Enroll CA into ASA Firewall
Did you change the cert template on CA to SHA1 or upgrade your ASA to make it support SHA2?
Enroll CA into ASA Firewall
I changed it already; it is working.
When I install the cert on my computer, it still has a red cross,
because SHA1 is not supported by browsers at all now.
So I installed the CA server again and changed to SHA2.
Thanks
Internet VRF
Hi,
How did you configure the Internet VRF on that switch? Is that a kind of VRF routing in a VLAN?
Thanks
Internet VRF
You just create a VRF and associate L3 interfaces (routed port or SVI) with it.