Cisco Firepower FMC Wildcard SSL Certificate Remote Access AnyConnect VPN
Changing the Wildcard SSL on a Cisco Firepower FMC for a AnyConnect VPN When changing or renewing a Wildcard SSL for Cisco AnyConnect on the FMC you want to use the appropriate export function on the originating device so you don't run into errors. Exporting the Wildcard SSL can be tricky if you use the wrong process. If you are exporting from a Windows based server, DON'T export from the IIS Console. Open up the MMC and open the Certificates module and export from that method. It will export the correct path with the cert into the pfx file. Importing into FMC will be seamless and both the CA and ID will be correct. Otherwise, if you use the IIS export method the path for the CA is incorrect and you will get a red X on the CA status. Hope this helps someone save some time.