Having already generated the RSA key pair on the ASA (with “crypto key generate rsa modulus 2048”), created a trustpoint for the VPN users, generated an SSL certificate and CSR, and received the signed X.509 certificate along with the CA and intermediate SSL certificates, the certificate and CA certificates will need to be installed onto the Cisco ASA. This procedure describes the method using the CLI. Read more…
Here is a list of useful OpenSSL commands that can be used in a Bash script:
Determine who issued the certificate:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -issuer
issuer= /C=US/O=Company Inc/CN=www.server.com Read more…
When a TLS/SSL session (such as HTTPS, default port 443) is established, an SSL handshake, an exchange of messages, occurs between the client (which initiates the connection) and the server. (See this post for an explanation of SSL certificates and encoding.)
The first set of messages is called the Handshake Protocol, after which both client and server enter the Record (or Data) Protocol. The messages exchanged during the Handshake Protocol achieve the following: Read more…