how to install a wildcard certificate with only the .cer file. I've found quite a few things here in the forums, but everyone seems to also have a pkcs12 file, which I do not.
This is an ASA 5510 on ver 8.4.
I am basically looking to install the wildcard on the outside interface for my ASA
View 1 Replies View RelatedI've seen a bunch of discussions on the untrusted server cert error with self signed certs. But I have a valid wildcard that I use on my ASA. How do I make that work with out the untrusted server cert error?
View 5 Replies View RelatedHow to Generate a CSR File to Renew out SSL Certificate on ASA5510 v9.0(2) - ASDM v 7.1(2) ?
View 1 Replies View RelatedIs it possible to import the config of a 5510 to a 5520. Trying to replace two 5510's with 5520's and wondering is there a way import the existing config files for the 5510's into the 5520's?
View 3 Replies View RelatedIs it possible to use wildcard (*) or regexp in ACS 5.2? For example, I would like to create an End Station Filter that would match when the DNIS is *something
View 1 Replies View RelatedI have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device usng WinSCP. Used all options but nothign seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.
View 5 Replies View RelatedGetting ready to order a SSL Certificate for my newly installed ACS 5.4 and before I did that i want to verify if ACS 5.4 supports Wildcard SSL's.
View 5 Replies View RelatedI'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.
I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.
What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certficates (in this case a root and a intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword
Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).
is it possible to use wildcards in Compund Conditions in ACS 5.2? i've been suing the following to try and match a username that contains @*.*:
This would hopefully match a username like j.blogs@somewhere.com but doesn't work as expected - am i doing something wrong or are wildcards not supported in compund conditions?
I installed a chained SSL cert on our anchor/guest 4402 a few years ago.We now have a need to replace the 4402 w/ a 5508, and I got everything configured, ready to go, except that darn cert.I can no longer locate the private key that was used to sign the original CSR.Is there any way to export the current cert from the 4402, so that I can import to the 5508? Or am I SOL?
View 3 Replies View RelatedI have 3 WLC 5508 and a NAC guest server. We want to download a wildcard certificate after a few seconds at the download of this certificate I got the failure message download failed.
Accept the WLC wildcard certificates or must I generate a SAN (Subject Alternative Name) Certificate.
I am wanting to use a cert signed by a digicert or verisign on my ASA so that anyconnect doesn't frreak out with the untrusted cert. I have created the CSR, and I uploaded the certificate, but it is still showing the old self signed untrusted cert.
View 5 Replies View RelatedWhen trying to do a cut-n-paste enrollment of a cisco 3725 router with a microsoft windows server 2003 CA i get the following error on the CA.Certificate Services denied request 8675 because The request subject name is invalid or too long. 0x80094001 (-2146877439). The request was for OID.1.2.840.113549.1.9.2=rtr31slied3.unit4agresso.com. Additional information: Error Constructing or Publishing Certificate This is when i use the router or webserver certificate.The only template that does work is the user certificate but then you get error messages that the router name doesnt match the cert name.The 3725 is running ios version 12.3(14)T3.How can we get the right templates to work ?
View 3 Replies View RelatedI know that CSRs cannot be generated with multiple names, but if the SAN is added after the cert is ordered from Geo Trust, Veri sign, etc. can the CSS support using the cert?
View 1 Replies View RelatedI generated a wildcard certificate for my company type *. [URL] in a CSS 11501. For the site [URL] worked fine, for the site [URL] didn't worked. I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
View 5 Replies View RelatedI have a need to utilize two factor authentication using a machine certificate and users AD crednetials. What we would like to do is to have the ASA and AnyConnect verify the certificate exists, check against our in house CA for validity, if valid pass the user credentials to the AD servers and establish the tunnel. If not valid quarantine the session and pop a message to the user to contact the help desk ASAP. My guess is the following (using ASDM 6.6, ASA 8.6.1, ASA 5545-X):
1. under the connection profile I have select BOTH for authentication and added a AAA server group.
2. under Cert Management I have added the 3 certs that are present on all company mobile assets
- Cert America
- Cert Europe
- Cert Root
3. I have an identity cert installed from the company CA and it is selected as the device cert under connection profiles
4.Local Cert Authority is Disabled
5.Under Remote Access>Advanced>Certs for AnyConnect>
- I have mapped DefaultCertifiateMap pri 10 to Company_Cert connection profile
- The mapping is looking for Subject: CN: <Contains> (string) ----where string is a common component of each Cert listed in #2.
Question #1 - Is this correct for utilizing certs and AD auth or have a missed any steps?
Users are directed to a an initial installation URL - where the AnyConnect client performs the installation and passes down the intial AC profile which auths using only AD creds. On subsequent connections users who pass the certificate mapping check are migrated to the connection profile which uses the dual authentication method.
Question #2 - When I attempt a new installation of AnyConnect using the two factor URL . I receive an error "certificate validation error" and the installation fails - for the life of me I can not figure out why???? The machine has all three certs, using IE9 as the browser.
I have a cisco 5508 WLC that I have setup WebAuth on and trying to install the certificate on. I have generated the csr and gotten my cert from Verisign (X.509, server platform=apache). I have followed the instruction via the cisco documentation url...I found an error in uploading and find out how to encrypt mykey: url...
I am also having exactly the same issue with a certificate from Thawte. I followed the unchained guide and have tried both with and without a password in the initial step key generation step, requesting a new cert each time. As with Jeensernchew's issue there are no errors in OpenSSL but when uploading the cert to the WLC get the following error. [code] The WLC is running version 6.0.196.0. I am using OpenSSL 1.0.0 29 Mar 2010.
When I requested the cert from Thawte I was asked to specify the device type, I chose Cisco, but as all the work and conversion is being done by OpenSSL, should I have chosen differently? When I do this I can load the cert in the 5508, but the controller fails and doesn't allow that VLAN or config access to the wireless network. I am at a loss of why I can load and it not work. I have verified my hostname and password and those are good.
We currently are using a self-signed cert (for PEAP machine authentication) that was created on an ACS 3.3 appliance. That cert was manually installed on our laptops when they were configured for wireless conenctivity.My problem is, that self-signed cert will soon be expiring and I am not sure what needs to be done to issue a new cert AND deploy it to my Windows XP Pro clients without a service interruption. If possible, I'd like to leverage our exsiting AD infrastructure for this, but I need some direction, and time is of the essence!!
View 2 Replies View RelatedI have a client that needs to update a certificate on their 2125 controller. They have created a .pfx cert that does not work because of file type. I wanted to see what the best pratice would be for me to follow installing this cert and do I need any additional cert like a CA. I found a document but am not so sure that it is exactly what I need.
AIR-WLC2125-K9 : JMX1248K0EL
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.188.0
RTOS Version..................................... 6.0.188.0
[code]....
So since my web auth cert is expiring I got it renewed from VeriSign and they sent me back the file. Do I need to again combine the "myprivatekey.pem" file and the new one that I got and then load it on the WLC? Can't find any guidelines and instructions from Cisco on this. Or do I need to go through the whole regenration of CSR process again etc?
View 3 Replies View RelatedIs it possible on the CSS11503 to create a layer 5 content rule that matches a url "/*/_edit".
View 3 Replies View RelatedUsing a Cisco 1800 series router (1802) with IOS 15.1(4)M2.I am quite sure the following should somehow be possible in IOS, but I can't figure out how to do it ... :I have the situation that I need to bind specific devices by DHCP to the same IP range.
These devices (medical equipment, used in hospital) are all from the same vendor.So the first three octets in the MAC address (Organizationally Unique Identifier , OUI) are the same for each device. The next three are always 'unknown'.I know how to bind a fully known MAC address to a host ip or ip range , but is it somehow possible to do this by the OUI ?Like using some wildcard option.
Am I able to use an SSL cert in the proxy list for the same VIP but on a different port?
View 1 Replies View RelatedRegion : UnitedKingdom
Model : TD-W8960N
Hardware Version : V4
Firmware Version : 1.4.0 Build 111130 Rel.55990n
ISP : DEMON
I'm using parental controls to block all devices in the house from using tumblr. I cannot do this at a device by device level as it is being used on iphones/androids, laptops and desktops.Unfortunately, the way that tumblr works is that it use many URLs for the different pages people set up so it is not just a case of blocking url... - so I'm struggling to work out if I can do this via URL blocking on the router settings. How to do this at router level.
We are currently evaluating ISE and I am stuck with the PEAP authentication (with Server side Cert).Our current setup consists of two 5508 controllers, 30+ access point. For authentication we are using PEAP with (server side Cert). We have an IAS server which is also acting as a CA server. We are using Cisco’s NAM as a supplicant on Windows XP & 7 workstations. I would like to use ISE for authentication. I would like to use PEAP with Server side Cert (similar setup like IAS). I want ISE to perform the same function in addition to profiling etc.....
I was able to integrate ISE with Active Directory but could not get it working with PEAP (server side Cert). I would also like to know if they used Microsoft’s CA server or Open SSL CA server or a third party CA server (Go Daddy, VeriSign etc.)Can you we ISE as a CA server just the way we used Microsoft’s IAS Server as a CA Server?
I have ACS4 and i am planning to upgrade to ACS5.I would like to have such a rules:I have user1, one ASA device which is VPN concentrator for remote users.ASA have two different tunnel-groups: one which allow for logging via certificate (with mandatory pki authorization thru ACS) with disabled Xauth,and second tunnel-group with allow login thru typical Xauth with authorization thru ACS which users external database (RSA Tokens).So i have one user1 which can login thru VPN using RSA tokencode or certificate.For example: on phone user1 uses certificate, and on PC station the same user1 uses token password.For tunnel-group with pki authorization ASA checks username in ACS and in typical scenario login="CN from certificate" and password="CN from certificate". So we would need "two credentials" for the user - one for pki authorization, and second one external database (RSA token).Is such scenatio possible under ACS 5 ? where one user uses different credentials based on tunnel-group usage ?
View 2 Replies View RelatedI am working on a Drupal site which is on a virtual server (the way it's been explained to me). I've been told I need to work with it through webdev. So I can copy a file off the server and onto my local machine. I make my edits and then try to upload it to the server. I get locked out with the message: Error 0x80070021: The process cannot access the file because another process has locked a portion of the file. I have tried shutting down my code editor, opening and closing the connection, tried different methods of reaching the server (Cyberduck and through Window's map network feature) to no avail. What can I do?
View 1 Replies View RelatedI have a 2500 series router model 2501 , i would like to perform an update but i can't seem to get the file from cisco.
View 1 Replies View RelatedI'm trying to figure out how to get two 5510 ASA's to establish a Site-to-Site VPN.The version with two static IP's is working perfectly and stable but I haven't figured out how to get a VPN running between a static and a dynamic IP
View 12 Replies View RelatedI would like to use the NCS 1.2 to monitor Juniper SRX 210 firewall. When I try to import the MIB File from NCS, which show "Error: Failed to load MIB File "mib-802" because it is not in the resource path.what I can upload the MIB File from Juniper. [code]
View 0 Replies View RelatedI have a problem with RME 4.2 from CWLMS 3.1. I have configured SSH in my asa 5520 device but RME can't get the configuration file. I ran a job to sync archive but i get this message error:
*** Device Details for ASA_5520_VOZ_01 *** Protocol ==> Unknown / Not Applicable Selected Protocols with order ==> Telnet,TFTP,SSH Execution Result: CM0062 Polling ASA_5520_VOZ_01 for changes to configuration. CM00 Polling not supported on
[Code].....
The router(Cisco 857) appears to be boot, and operate normally.I have tried formating the flash, re-downloading and FTP uploading the image, and also tried the latest image c850-advsecurityk9-mz.124-15.T17.bin, but this warning message persists. [code]
View 3 Replies View Related