Logins:
- Customer login for the cert vendor portal
- Login to the server/device where the cert will be installed
We need three files:
- Wildcard cert (download from the cert vendor's site: DigiCert, GoDaddy, etc.)
- Private key (get it from the customer, export it from a Windows server that already has the cert installed, or generate one with openssl; note that a freshly generated key will not match an already-issued cert, so if you generate a new key you must also create a new CSR and have the vendor reissue the cert for it)
- Cert chain bundle, i.e. the vendor's intermediate CA certs (download from the cert vendor's site)
We need a password for the private key (you set it yourself when making one):
- Password for the private key / PFX export.
The "openssl genrsa" command below writes the key unencrypted unless you add "-aes256"; the password that openssl asks for during the PFX export protects the PFX file, and that is the one you will type into Firepower when importing.
This password and the private key should be stored securely by the customer for later use (a lost key means reissuing the cert).
Command to generate a private key if needed (only for a new CSR/reissue, see above):
openssl genrsa -out private.key 2048
Once we have all three files, bundle them into one PFX (PKCS#12) file with openssl:
openssl pkcs12 -export -in wildcard-cert.crt -inkey private.key -certfile sf_bundle-g2-g1.crt -out cert-chain-pkey-bundle.pfx
Before exporting, check that the key actually belongs to the cert and that the cert chains to the bundle; a mismatched key or an incomplete chain only shows up later as a failed import or as clients complaining about an untrusted VPN cert.
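The checks above and the PFX build, as an added example script (not from the original post). It assumes only that openssl is on PATH. With no arguments it generates a throwaway CA, a wildcard leaf and a key (constructed test material, standing in for the vendor-issued files) so it can run offline; with four arguments (cert, key, chain bundle, output PFX) it runs the same checks on real files. The PFX password comes from the PFX_PASS environment variable, which is an assumption of this script, not something the vendor or Firepower requires.

```shell
#!/bin/sh
# Added example: verify key/cert/chain consistency, then build the PFX
# the way the post's "openssl pkcs12 -export" command does.
# Assumptions: openssl on PATH; PFX_PASS holds the export password.
set -eu

WORK="${WORK:-$(mktemp -d)}"
PFX_PASS="${PFX_PASS:-changeme}"   # use a real one; the customer must keep it with the key

# Constructed test material: a throwaway "vendor" CA plus a wildcard leaf it signs.
# On a real job these are the vendor's wildcard cert, chain bundle and your own key.
make_test_material() {
  openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$WORK/ca.key" -days 30 \
    -subj "/CN=Test Intermediate CA" -out "$WORK/ca.crt" 2>/dev/null
  openssl genrsa -out "$WORK/private.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/private.key" -subj "/CN=*.example.com" \
    -out "$WORK/wildcard.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/wildcard.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -set_serial 4097 -days 30 -out "$WORK/wildcard-cert.crt" 2>/dev/null
}

# The private key matches the cert iff both carry the same public key.
key_matches_cert() {   # usage: key_matches_cert CERT KEY
  cert_pub=$(openssl x509 -noout -pubkey -in "$1")
  key_pub=$(openssl pkey -pubout -in "$2")
  [ "$cert_pub" = "$key_pub" ]
}

# The leaf must chain to something in the bundle. -partial_chain lets a vendor
# bundle that contains only intermediates (no root) act as the trust anchor.
chain_verifies() {     # usage: chain_verifies CERT BUNDLE
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Same command as in the post, with the password supplied non-interactively.
build_pfx() {          # usage: build_pfx CERT KEY BUNDLE OUT.pfx
  openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" -out "$4" \
    -passout "pass:$PFX_PASS"
}

# How many certs the PFX carries: the leaf plus every cert from the bundle.
pfx_cert_count() {     # usage: pfx_cert_count FILE.pfx
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PFX_PASS" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

main() {
  if [ $# -eq 4 ]; then
    cert=$1; key=$2; chain=$3; out=$4
  else
    echo "no files given, using self-generated test material in $WORK" >&2
    make_test_material
    cert=$WORK/wildcard-cert.crt; key=$WORK/private.key
    chain=$WORK/ca.crt; out=$WORK/cert-chain-pkey-bundle.pfx
  fi
  key_matches_cert "$cert" "$key"   || { echo "private key does not match $cert" >&2; return 1; }
  chain_verifies "$cert" "$chain"   || { echo "$cert does not chain to $chain" >&2; return 1; }
  build_pfx "$cert" "$key" "$chain" "$out"
  echo "wrote $out containing $(pfx_cert_count "$out") certificates" >&2
}

main "$@"
```

Usage on real files: `PFX_PASS='...' sh build-pfx.sh wildcard-cert.crt private.key sf_bundle-g2-g1.crt cert-chain-pkey-bundle.pfx`. If the key file itself is encrypted, openssl will prompt for its passphrase in the key check and in the export. OpenSSL 3.x writes PFX files with AES-256/PBKDF2 by default; if an importer rejects such a file, rebuilding with `openssl pkcs12 -export -legacy ...` produces the older RC2/3DES format.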
In this case the wildcard cert was already installed on a Windows server (Exchange), so I exported it from there instead of building the PFX with openssl:
- Opened mmc on the Exchange server
- Added the Certificates snap-in (computer account, where the Exchange cert lives)
- Found the wildcard cert
- Exported it with the private key (set a password); this option is only available if the key was marked exportable when it was imported or generated
- Saved the export as a PFX
In Firepower (FMC) went to Objects -> PKI -> Cert Enrollment
Selected import from PKCS12 file and supplied the PFX and its password
Now go to Devices -> Certificates -> Add and enroll the FTD with that object
Now go to Devices -> VPN -> Remote Access
Edit the AnyConnect profile
Access Interfaces tab
Change the two entries, SSL and IKEv2, and select the new cert
Save + Deploy
After the deploy, check from outside with "openssl s_client -connect <vpn-hostname>:443 -servername <vpn-hostname>" that the FTD presents the new wildcard cert together with the intermediate chain; if only the leaf shows up, the chain bundle did not make it into the PFX.