INSTALL SSL CERTIFICATE FOR CISCO ASA 5500 VPN


CSR CREATION FOR CISCO ASA 5500 VPN
1. First, download your Intermediate and Primary Certificate files from your DigiCert account to the location where you will keep your certificate files.

2. Next, within the ASDM choose Configuration and press Device Management.

3. Open Certificate Management, click CA Certificates, and press Add.

4. Select the Install from file option and browse to the DigiCertCA.crt file. Then, click Install Certificate at the bottom of the Install Certificate screen. Your intermediate certificate is now installed; next, you must install the your_domainname_com.crt file.

5. Within the ASDM menu click Configuration and press Device Management.

6. Open the Certificate Management tool and click Identity Certificates.

7. Click the identity certificate that you created when you made your CSR. Note that the Issued By field will say not available and the Expiry Date will say pending. Then, select Install.

8. Now, click browse to select the correct identity certificate (this is your_domainname_com.crt issued by DigiCert), and select Install Certificate.

9. You will receive a notification to confirm the installation is complete.

CONFIGURING WEBVPN WITH ASDM TO USE THE NEW SSL CERTIFICATE


1. Within ASDM click Configuration and select Device Management.

2. Then, press Advanced and select SSL Settings.

3. Next, click Certificates and select the interface that will be used to terminate WebVPN sessions. Then, select Edit.

4. Once on the Certificate menu, click the installed certificate and press OK. Then, click Apply.

5. Your WebVPN is now officially configured.

SSL CERTIFICATE INSTALLATION FROM THE CISCO ASA COMMAND LINE (ALTERNATE INSTALLATION METHOD)


1. At the ciscoasa(config)# prompt, enter the command below, where my.digicert.trustpoint is the name of the trustpoint you created:

    crypto ca authenticate my.digicert.trustpoint

2. Then, paste the entire contents of the DigiCertCA.crt file, followed by the word quit on a line by itself.

3. Next, enter yes when prompted to accept the certificate.

4. After the certificate has been properly imported, type exit.

5. Now, at the ciscoasa(config)# prompt, enter the following, where my.digicert.trustpoint is the name of the trustpoint you created previously:

    crypto ca import my.digicert.trustpoint certificate

6. Paste the entire contents of the your_domainname_com.crt file, followed by the word quit on a line by itself. There will be a notification stating that the certificate was imported correctly.

CONFIGURING WEBVPN TO USE THE NEW SSL CERTIFICATE FROM THE CISCO ASA COMMAND LINE


1. At the ciscoasa(config)# prompt, enter the following two commands:

    ssl trust-point my.digicert.trustpoint outside
    wr mem

The trustpoint is the same one you chose when you created your certificate, and outside represents the name of the interface you are configuring. The wr mem command saves the configuration.

VERIFY YOUR SSL IS FUNCTIONING


1. You can verify that your SSL certificate is accessible by using the SSL Certificate Check tool: https://www.digicert.com/help/

2. You can also check its functionality by using a web browser to visit your site using Internet Explorer and Firefox. For example, Firefox will give you a warning if the intermediate certificate was not properly installed. If you receive error messages, it is time to take a second look at the installation process. It could be that the server is not communicating on port 443, or that there is a firewall blocking traffic on TCP port 443 to the web server.
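
The intermediate-certificate problem mentioned in step 2 can also be caught before anything is installed on the ASA. The shell function below is an added example, not part of the original guide: it assumes the openssl command-line tool is available on your workstation and confirms that DigiCertCA.crt really issued your_domainname_com.crt. The function name check_pair is hypothetical.

```shell
#!/bin/sh
# Added example: pre-install check that the intermediate file is the issuer
# of the identity certificate. check_pair is a hypothetical helper name.
# Usage: check_pair DigiCertCA.crt your_domainname_com.crt
# Returns 0 = pair matches, 1 = mismatch, 2 = a file is missing or not PEM.

check_pair() {
    ca=$1
    leaf=$2

    # Both files must parse as PEM-encoded X.509 certificates.
    openssl x509 -in "$ca" -noout 2>/dev/null \
        || { echo "unreadable certificate: $ca"; return 2; }
    openssl x509 -in "$leaf" -noout 2>/dev/null \
        || { echo "unreadable certificate: $leaf"; return 2; }

    # Name check: the identity certificate's issuer must equal the
    # intermediate's subject (compared via OpenSSL's name hashes).
    want=$(openssl x509 -in "$leaf" -noout -issuer_hash)
    have=$(openssl x509 -in "$ca" -noout -subject_hash)
    if [ "$want" != "$have" ]; then
        echo "issuer name mismatch: $ca did not issue $leaf"
        return 1
    fi

    # Signature check: two CAs can share a name but not a key, so verify the
    # signature too. -partial_chain lets the intermediate act as the trust
    # anchor, so the root certificate is not needed. Expiry is checked as well.
    if ! openssl verify -partial_chain -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
        echo "signature or validity check failed for $leaf"
        return 1
    fi

    echo "ok: $leaf was issued by $ca"
    return 0
}

# Run directly when two file names are given on the command line.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A return value of 1 means the wrong intermediate file was downloaded for this certificate, which is the condition that later produces the browser warning described above.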

©2023 The SSL Store™. A subsidiary of DigiCert, Inc. All Rights Reserved.