How do I generate a CSR on Cisco ASA using ASDM?

Problem

How do I generate a CSR on Cisco ASA using ASDM?

 

Solution

Cisco ASA offers two ways to create and install SSL certificates: the command line and the GUI. This article describes the GUI method, using the ASDM (Adaptive Security Device Manager).

  1. In the Cisco ASDM, click on the Configuration button at the top, and then click on the Device Management button at the bottom.
  2. In the Device Management section on the left side, expand Certificate Management, and choose Identity Certificates.
  3. In the main window, click on the Add button to the right.
  4. Select the option, Add a new identity certificate and click on the New button across from the Key Pair field.
  5. In the new Add Key Pair window, select the option, Enter new key pair name: and enter a name for the key pair.
  6. Change the Size field to 2048 from the drop-down list.
  7. Select the General Purpose option.
  8. Click on the Generate Now button. This will create the key pair.
    Back in the Add Identity Certificate window, you should see the key pair name given in step 5 selected in the Key Pair drop-down field.

    Now you will have to define the Certificate Subject DN.  The easiest way to do this through the ASDM is to use the menu that is provided.

  9. Click on the Select button across from the Certificate Subject DN: field.
  10. The Certificate Subject DN window will open. In this window, select an attribute from the drop-down list and then enter the details for that attribute in the Value: field. Once you have done this for a single attribute, click on the Add button and continue on to the next attribute.
    Below is a list of all the attributes that you can select to help you out.

    Common Name (CN): This will be the Common Name on the certificate. The Common Name is the Host + Domain Name. It looks like secure.example.com or example.com.

    Company Name (O): The legal name of your organization.

    Department (OU): This optional field is the name of the department or other group making the request.

    Location (L): The locality field is the city or town name, for example: Hamilton or Stamford.

    State (St): Spell out the state completely; do not abbreviate the parish, state or province name, for example: Pembroke or Connecticut.

    Country (C): Use the two-letter code of your country without punctuation, for example: BM or GB or CH.

    Note: It is important to keep each field under 64 characters. Failing to do this will create difficulties when trying to install the certificate.

  11. Click on the OK button.
    Back in the Add Identity Certificate window, you may notice that the Certificate Subject DN: field has been populated with the information that you previously input.

  12. Click on the Advanced button.
  13. In the Advanced Options window, enter the FQDN in the appropriate field. This is the Fully Qualified Domain Name that will be used to access the device from the internet. This value should be the same as the Common Name (CN) value that you entered for the Certificate Subject DN attributes.
  14. Click on the OK button and then in the Add Identity Certificate window, click on the Add Certificate button.
  15. You will be prompted to save your CSR as a .txt file.  You can specify the location by clicking on the Browse button.
  16. Open the .txt file using a text editor (such as Notepad), copy all the contents and submit it to QuoVadis.
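
The attribute rules in step 10 and the CN/FQDN match in step 13 can be checked before the values are typed into ASDM. The following is an added example, not part of the original article or of any Cisco or QuoVadis tooling; the comma-separated DN string format, the function names, and treating every attribute except OU as required are assumptions made for illustration.

```python
import re

MAX_LEN = 63  # the article says to keep each field under 64 characters
REQUIRED = ("CN", "O", "L", "ST", "C")  # assumption: only OU is optional

def parse_dn(dn):
    """Split 'CN=a,O=b' into a dict; a backslash escapes a comma in a value."""
    attrs = {}
    for part in re.split(r"(?<!\\),", dn):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {part!r}")
        attrs[key.strip().upper()] = value.strip().replace("\\,", ",")
    return attrs

def check_subject(dn, fqdn):
    """Return a list of problems; an empty list means the values pass."""
    attrs = parse_dn(dn)
    problems = []
    for key in REQUIRED:
        if not attrs.get(key):
            problems.append(f"{key} is missing")
    for key, value in attrs.items():
        if len(value) > MAX_LEN:
            problems.append(f"{key} is {len(value)} characters (limit {MAX_LEN})")
    country = attrs.get("C", "")
    if country and not re.fullmatch(r"[A-Z]{2}", country):
        problems.append("C must be a two-letter code without punctuation")
    state = attrs.get("ST", "")
    if state and len(state) <= 3:  # heuristic for abbreviations such as 'CT'
        problems.append("ST looks abbreviated; spell it out")
    cn = attrs.get("CN", "")
    if cn and cn.lower() != fqdn.lower():
        problems.append("CN does not match the FQDN from Advanced Options")
    return problems

# Constructed sample values, not taken from a real device.
GOOD = "CN=secure.example.com,O=Example\\, Ltd,OU=IT,L=Hamilton,ST=Pembroke,C=BM"
BAD = "CN=example.com,O=" + "A" * 70 + ",L=Stamford,ST=CT,C=U.S."

if __name__ == "__main__":
    for dn in (GOOD, BAD):
        print(check_subject(dn, "secure.example.com") or "ok")
```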