Cisco FMC Certificate Renewal for VPN SSL


As with most Cisco gear, some operations are either poorly documented or highly tedious!

In this quick article we’ll show you how to renew the Remote Access VPN SSL certificate using Cisco’s Firepower Management Center (FMC).

Renew your SSL Certificate for Cisco FMC

  1. Open up FMC and go to Objects > Object Management > PKI > Cert Enrollment
  2. Click Add Cert Enrollment
  3. Give your Enrollment a name – I like to name it with a year so I can track it.
  4. Click Certificate Parameters, then change Include FQDN: to Custom FQDN
    Complete the Parameters as required.
  5. Now head over to Devices > Certificates and click Add
  6. Select your device and the new certificate you created earlier.
  7. You will notice a warning: ‘Identity certificate import required’, so click ID and you will be prompted that a Certificate Signing Request (CSR) is going to be generated.
  8. Copy the CSR, then head over to your favourite SSL Reseller – in this example we are using Synergy Wholesale in Australia.
  9. When you renew or purchase an SSL certificate, you will be prompted to supply the CSR. Paste in the CSR from above.
  10. Approve & Validate the SSL request as required, then wait for the SSL Certificate.
  11. Once you receive the SSL Certificate, paste its contents into Notepad.
  12. Head back to FMC, and click Browse Identity Certificate. Supply the Notepad file.
  13. Nearly there! We now just have to update the Remote Access VPN (RA-VPN) with the new SSL Certificate. From FMC click Devices > VPN > Remote Access
  14. Edit your Remote Access VPN, then click Access Interfaces
  15. Update the SSL Identity Certificates, then don’t forget to click Save
  16. Deploy the changes!

Your Remote Access VPN SSL certificate is now renewed. You can verify this by checking the matched SSL certificate from the Cisco AnyConnect VPN client (once connected). If you have HTTPS enabled, you can also check with your web browser by going to the FQDN and clicking on the certificate.
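An added example (not from the original article): checks worth running with the openssl CLI on the certificate from step 11 before supplying it in step 12, confirming that it carries the same public key as the CSR copied in step 8, covers the Custom FQDN, and is not close to expiry. The file names and vpn.example.com are constructed samples, and the self-signed certificates only stand in for the one a reseller would return.

```shell
#!/bin/sh
# Added example: pre-import checks on a CA-issued certificate, using the openssl CLI.
# vpn.example.com and all files are constructed samples, not values from the article.

# 0 if the certificate carries the same public key as the CSR copied from FMC.
csr_matches_cert() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# 0 if the certificate is valid for the FQDN entered as Custom FQDN.
cert_covers_fqdn() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# 0 if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Build constructed samples in directory $1: device.csr stands in for the CSR
# from FMC, issued.pem for the reseller's reply, other.pem for a certificate
# issued against a different key pair.
make_samples() {
    printf 'subjectAltName=DNS:vpn.example.com\n' > "$1/san.ext"
    for n in device other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vpn.example.com" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$1/device.csr" -signkey "$1/device.key" -days 365 \
        -extfile "$1/san.ext" -out "$1/issued.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$1/other.csr" -signkey "$1/other.key" -days 365 \
        -extfile "$1/san.ext" -out "$1/other.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_samples "$d" || return 1
    csr_matches_cert "$d/device.csr" "$d/issued.pem" && echo "key: matches CSR"
    csr_matches_cert "$d/device.csr" "$d/other.pem" || echo "key: other.pem does NOT match CSR"
    cert_covers_fqdn "$d/issued.pem" vpn.example.com && echo "name: vpn.example.com covered"
    cert_valid_for_days "$d/issued.pem" 30 && echo "expiry: more than 30 days left"
    rm -rf "$d"
}
demo
```

In real use, pass the CSR text saved from FMC and the Notepad file from step 11 to the three check functions in place of the sample files.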

As with all our articles, please feel free to reach out if you need assistance.

Kim Pham - IT Network Security