Ask a Question

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Cisco ASA 5510

Solution


This document uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510. If unable to use these instructions for the server, Symantec recommends to contact Cisco.
 
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose the private key file or your password and generate a new one, your SSL certificate will no longer match.

Step 1: Generate a key pair

  1. Within ASDM, click Configuration > Device Management.
  2. Click Certificate Management > Identity Certificates > Add > Add a new identity certificate.
  3. For the Key Pair, click New > Enter new key pair name.
  4. Enter a unique key pair name for the certificate.
  5. Select the key size as 2048.
  6. To complete the generation of the key pair, click Generate Now.


Step 2: Generate a certificate signing request (CSR) file

  1. To enter certificate information, click Select.
  2. From the drop-down list, select the following attributes > enter value > click Add.
  3. The following fields are required: 
     
    • Country Name (C): Enter the two-character abbreviation of country in which organization resides (e.g. US).
    • State or Province (S): Enter the full name of your state or province.
      Note: Make sure the State or Province is not abbreviated (e.g. California).
    • Locality or City (L): Usually the city of your organization's main office, or a main office for your organization.
    • Organization (O): The full legal name of your company.
    • Organizational Unit (OU): Use this field to differentiate between divisions within an organization.
    • Common Name (CN): The fully-qualified domain name to which your certificate will be issued.
       
  4. Once the appropriate values are added, click OK > Advanced.
  5. In the FQDN field, enter the FQDN that will be used to access the device from the Internet.
    NOTE: If enrolling for a Subject Alternative Name certificate leave this field blank.  SAN should be specified on the Symantec enrollment form.
  6. Click OK Add Certificate > Browse.
  7. Choose a location where to save the request file.
  8. Verify your CSR with the Symantec CryptoReport.
  9. Proceed with Enrollment.


Once the SSL certificate has been issued, follow the steps from this link to install it on the server.


Cisco

          For more information, refer to Cisco Support