Loading...

Knowledge Center

/
centrexIT
Knowledge Center

Occupational Services AnyConnect Cert Renewal for Occupational Services Cisco FTD

KB00003125
Shawn Lindell Work Instruction 1 min
PublishedShawn Lindellv1.0
Published Sep 29, 2025Expires Jan 9, 2027

1.      Logon to OSI-VEEAM

2.      “Open SSL” is needed to request cert, which is installed on the Veeam server

3.      Open command line as admin, and enter command: CD C:\Program Files\OpenSSL-Win64\bin

4.      This command changes the directory to the needed one

5.      Next command to run is: openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out ftd3.csr

6.      The “ftd3” portion can be named to anything.

7.      You will be asked to enter State, City, Organization, Organizational Unit Name, Common Name, and Email

8.      They can be blank, the only required one is Common Name which is the anyconnect address: anyconnect.occserv.com

9.      You can also set a challenge password.

10.      Find the .CSR file you just created in the path: C:\Program Files\OpenSSL-Win64\bin

11.      Open the CSR in notepad, and copy it, use a site like https://www.sslshopper.com/csr-decoder.html to see that the CSR info is correct

12.      Login to Centrex’s One Login and launch “Go Daddy”

13.      Select the 3x3 row of dots and select “SSL Certificates”

14.      Search for Occserv

15.      You will find the URL, click the blue link “anyconnect.occserv.com

16.      Halfway down, you will see “Manage Certificate”

Paste the CSR in the box, and “Add Change” then, “Submit all changes”

17.      Refresh the page, then under “download Certificate”

18.      Under “Server Type” select “Other” and “Download Zip File”

19.      This will download a Zip file, copy from your computer and place in C:\Program Files\OpenSSL-Win64\bin on OSI-VEEAM, and extract the folder

20.      Login to the FTD via IP URL: 192.168.1.1, credentials in PWState

21.      Select “Objects”

22.      On the left side, select “Certificates”

23.      You will have to scroll right and hit the blue exclamation

24.      Select “Replace Certificate”

25.      You will need to upload the .PEM file from the zip file and the private Key

26.      PEM file example at: C:\Program Files\OpenSSL-Win64\bin\anyconnect.occserv.com

27.      Key file example at: C:\Program Files\OpenSSL-Win64\bin

28.      Once Keys are uploaded Select “OK”

29.      You will then have to commit changes by updating the Pending changes, found here:

30.      After five minutes, browse to anyconnect URL at anyconnect.occserv.com, and verify cert is updated