CSR CREATION FOR CISCO ASA 5500 VPN
INSTALL SSL CERTIFICATE FOR CISCO ASA 5500 VPN
1. You will begin at the ASDM, and click on Configuration. Then, select Device Management.
2. Open Certificate Management, and click on Identity Certificates and press ADD.
3. Click the option next to “Add a new identity certificate,” and then press New located on the same line as Key Pair.
4. Click the button next to “Enter new key pair name” and create a name (this can be anything) for your key pair. Then, select “Generate Now” to make your key pair. Be sure to select the key size to 2048, and leave Usage as the default General Purpose.
5. Then, you will fill in the “Certificate Subject DN” by choosing the Select option next to each field. In order to customize the values you will select each from the Attribute menu and Select ADD.
CN: This is typically your domain name and the name that is referenced when accessing the firewall.
OU: This is the name of the department that will be using the CSR.
O: Type in the name that is legally registered with the organization.
C: This is your country code, and if you are not sure of your country’s code click on this link: https://www.digicert.com/ssl-certificate-country-codes.htm
ST: Type in the state where your organization is based.
L: Type in the city where the organization is based.
TIP: Be sure to note that there is a 64 character limit for the information above, and going over this limit could cause issues later when installing your certificate.
6. Once on the Add Identity Certificate screen, Select Advanced.
7. Within the FQDN window, be sure to type in the fully-qualified domain name that will be used to access the device externally. For example, vpn.domain or the same name that was selected for the CN option on step 5.
8. Select OK, and press Add Certificate. Next, you will need to save your CSR as a text file (.txt extension). Make sure you take note of the filename and where you saved it, because you will need this file later.
9. Lastly, when you get your SSL Certificate from DigiCert you are able to install it.
INSTALL SSL CERTIFICATE FOR CISCO ASA 5500 VPN
Back To Guides