This document uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510. If unable to use these instructions for the server, Symantec recommends to contact Cisco.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose the private key file or your password and generate a new one, your SSL certificate will no longer match.
Step 1: Generate a key pair
- Within ASDM, click Configuration > Device Management.
- Click Certificate Management > Identity Certificates > Add > Add a new identity certificate.
- For the Key Pair, click New > Enter new key pair name.
- Enter a unique key pair name for the certificate.
- Select the key size as 2048.
- To complete the generation of the key pair, click Generate Now.
Step 2: Generate a certificate signing request (CSR) file
- To enter certificate information, click Select.
- From the drop-down list, select the following attributes > enter value > click Add.
- The following fields are required:
- Country Name (C): Enter the two-character abbreviation of country in which organization resides (e.g. US).
- State or Province (S): Enter the full name of your state or province.
Note: Make sure the State or Province is not abbreviated (e.g. California).
- Locality or City (L): Usually the city of your organization's main office, or a main office for your organization.
- Organization (O): The full legal name of your company.
- Organizational Unit (OU): Use this field to differentiate between divisions within an organization.
- Common Name (CN): The fully-qualified domain name to which your certificate will be issued.
- Once the appropriate values are added, click OK > Advanced.
- In the FQDN field, enter the FQDN that will be used to access the device from the Internet.
NOTE: If enrolling for a Subject Alternative Name certificate leave this field blank. SAN should be specified on the Symantec enrollment form.
- Click OK > Add Certificate > Browse.
- Choose a location where to save the request file.
- Verify your CSR with the Symantec CryptoReport.
- Proceed with Enrollment.
Once the SSL certificate has been issued, follow the steps from this link to install it on the server.
For more information, refer to Cisco Support