vernon.wenberg.net
October 20, 2020 | February 21, 2022

Import certificate for Firepower Remote Access VPN

This guide uses a DigiCert certificate, but any certificate bundle would work.

The easiest way to do this is with a PKCS12 file. The CSR, key, and PFX file are generated
on Linux. Save settings as needed.

First, create a CSR on Linux for DigiCert to issue the certificate from. The following
command generates two files, domain.key and domain.csr. The -nodes option writes domain.key
without a passphrase. Use the contents of domain.csr to generate the certificate in DigiCert.

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Download the certificate file from DigiCert using the “A single .pem file containing all certs”
option. Use the following command to generate a PKCS12 bundle. domain.pem is the certificate
file you downloaded from DigiCert, domain.key is the key generated by the first command, and
domain.pfx is the file you will import into the Firepower FMC.

openssl pkcs12 -export -out domain.pfx -inkey domain.key -in domain.pem

  • Navigate to Objects → PKI → Cert Enrollment → Add Cert Enrollment
  • Choose PKCS12 file in the Enrollment Type dropdown. Select domain.pfx and click Save.
  • Navigate to Devices → Certificates → Add
  • Select your target device and the enrollment you created in the previous steps, then click Add.
  • Navigate to Devices → VPN → Remote Access and edit your target device.
  • Click on the Access Interfaces tab.
  • In SSL Global Identity Certificate and IKEv2 Identity Certificate, select the Enrollment Cert you created in the previous steps.
  • Save and deploy.
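
A check to run between the two openssl steps and the FMC import, as an added example that is not from the original post: it confirms that domain.key matches the leaf certificate in domain.pem, that the bundle carries intermediates, and that the exported domain.pfx contains the whole chain. The function names and the PFX_PASS variable are hypothetical, and the leaf certificate is assumed to come first in the PEM file.

```shell
#!/bin/sh
# Added example: sanity checks on domain.key / domain.pem before the PKCS12
# export. Function names are hypothetical; file names follow the post.
# Assumption: the leaf certificate is the first certificate in domain.pem.

# Count the certificates in a PEM file, or on stdin when no file is given.
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$@"; }

# 0 = key matches the leaf and a chain is present; 1 = key mismatch;
# 2 = unreadable key or certificate; 3 = no intermediates in the bundle.
check_pfx_inputs() {
    key=$1 pem=$2
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ -n "$cpub" ] || return 2
    [ "$kpub" = "$cpub" ] || return 1
    [ "$(cert_count "$pem")" -ge 2 ] || return 3
}

# Build the bundle as in the post, then read it back and print how many
# certificates it carries. The export password comes from the environment
# variable PFX_PASS so it does not show up in the process list.
build_and_count_pfx() {
    key=$1 pem=$2 pfx=$3
    check_pfx_inputs "$key" "$pem" || return $?
    ( umask 077   # the PFX holds the private key: owner-only permissions
      openssl pkcs12 -export -out "$pfx" -inkey "$key" -in "$pem" \
          -passout env:PFX_PASS ) || return 4
    openssl pkcs12 -in "$pfx" -nokeys -passin env:PFX_PASS 2>/dev/null | cert_count
}

# Constructed sample input: a throwaway CA and a leaf signed by it, written
# to directory $1 as domain.key and domain.pem. Not real certificates.
make_constructed_inputs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.pem" -subj "/CN=Constructed Test CA" -days 1 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/domain.key" \
        -out "$d/domain.csr" -subj "/CN=vpn.example.test" 2>/dev/null &&
    openssl x509 -req -in "$d/domain.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/leaf.pem" -days 1 2>/dev/null &&
    cat "$d/leaf.pem" "$d/ca.pem" > "$d/domain.pem"
}
```

With real files, export PFX_PASS and call build_and_count_pfx domain.key domain.pem domain.pfx; the count it prints should equal the number of certificates in domain.pem.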


Disclaimer

These posts are notes for me. These are not guides and you should not use these instructions as step-by-step instructions without knowing what they do.
