This guide uses a DigiCert certificate, but any certificate bundle would work.
The easiest way to import the certificate into the Firepower FMC is with a PKCS12 file. The certificate
CSR, key, and PFX file are generated in Linux. Save settings as needed.
First, create a CSR in Linux that DigiCert will use to issue the certificate. The following
command generates two files, domain.key and domain.csr. Use the contents of domain.csr to
generate the certificate in DigiCert. Because of -nodes, domain.key is written unencrypted, so keep
it readable only by your own user.
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
Download the certificate file from DigiCert using the “A single .pem file containing all certs” option.
Use the following command to generate a PKCS12 bundle. domain.pem is the certificate file you
downloaded from DigiCert, domain.key is the key generated by the first command, and domain.pfx is the
file you will import into the Firepower FMC.
openssl pkcs12 -export -out domain.pfx -inkey domain.key -in domain.pem
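Before importing domain.pfx, it is worth confirming that the bundle opens with its export password and that its identity certificate matches domain.key. The script below is an added example, not part of the original guide; the function names, the password file and the constructed self-signed test certificate are assumptions of the example.

```shell
#!/bin/sh
# Added example: verify a PKCS12 bundle against its private key before import.
# Function names and the password-file argument belong to this example only.

# Print the public key of the private key file $1 as PEM.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key of the identity (leaf) certificate stored in PFX $1.
# $2 is a file holding the export password, so it never shows up in `ps` output.
pfx_leaf_pubkey() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin "file:$2" 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null
}

# Count every certificate in the PFX (identity certificate plus chain).
pfx_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "file:$2" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# check_bundle KEY PFX PASSFILE
# Returns 0 only if the PFX opens with the password and its leaf matches KEY.
check_bundle() {
    k=$(key_pubkey "$1") || return 2             # key file unreadable
    c=$(pfx_leaf_pubkey "$2" "$3") || return 3   # wrong password or no leaf cert
    [ -n "$k" ] && [ "$k" = "$c" ]               # 1 if the key does not match
}

# Build constructed test material in directory $1: a self-signed certificate
# stands in for the CA-issued domain.pem, and other.key is an unrelated key.
make_demo() {
    d=$1
    printf 'constructed-demo-password\n' > "$d/pass.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=vpn.example.test' \
        -keyout "$d/domain.key" -out "$d/domain.pem" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null &&
    openssl pkcs12 -export -out "$d/domain.pfx" -inkey "$d/domain.key" \
        -in "$d/domain.pem" -passout "file:$d/pass.txt"
}
```

With the real files, `check_bundle domain.key domain.pfx pass.txt` should return 0, and `pfx_cert_count domain.pfx pass.txt` should report more than one certificate when the CA chain was included in domain.pem.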
- Navigate to Objects → PKI → Cert Enrollment → Add Cert Enrollment.
- Choose PKCS12 file in the Enrollment Type dropdown. Select domain.pfx and click Save.
- Navigate to Devices → Certificates → Add.
- Select your target device and enrollment that you created in the previous steps and click Add.
- Navigate to Devices → VPN → Remote Access and edit your target device.
- Click on the Access Interfaces tab.
- In SSL Global Identity Certificate and IKEv2 Identity Certificate, select the Enrollment Cert you created in the previous steps.
- Save and deploy.