Ask a Question

Solution ID : SO22507

Last Modified : 05/18/2018

Managed PKI for SSL - Installation Instructions for Cisco ASA 5510

Solution


This document provides installation instructions for ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2). If you are unable to use these instructions for your server, Symantec recommends that you contact the server vendor or the organization which supports ASA 5510.

Step 1: Download the Symantec Root and Intermediate CA Certificate

NOTE: For Cisco ASDM 6.3 and 6.1, you must install the Root and Intermediate CA Certificates first before generating your RSA key.

NOTE: To check which certificate type you have purchased, follow the steps from this link.
 

  1. Click here to download the Symantec Root CA under Managed PKI for SSL section.
  2. Click here to download the Symantec  Intermediate CA.
  3. Select the Managed PKI for SSL tab.
  4. Select the appropriate Intermediate CA certificate based on your SSL product.
     

Step 2: Install the Symantec Root  CA Certificate

  1. Within ASDM, click Configuration > Device Management.
  2. Click Certificate Management > CA Certificates.
  3. Click Add.
  4. Click Paste certificate in PEM Format > paste the root certificate into the text field.
  5. Click Install Certificate.


A dialog box appears that confirms the installation was successful.
 

Step 3: Install the Symantec Intermediate CA Certificate

  1. Within ASDM, click Configuration > Device Management.
  2. Click Certificate Management > CA Certificates.
  3. Click Add.
  4. Click Paste certificate in PEM Format > paste the Intermediate certificate into the text field.
  5. Click Install Certificate.


A dialog box appears that confirms the installation was successful.

Step 4: Obtain the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved the certificate request, you will receive an email with
    a certificate download link, also attached (cert.cer), as well as in the body of the email itself.
  2. If copying the certificate imbedded in the body of the email, paste it into a text file using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.

    The text file should look like:

    -----BEGIN CERTIFICATE-----
              [encoded data]
    -----END CERTIFICATE-----

    NOTE: Click here to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
     
  3. Save the file as SSLcert.pem


Step 5: Install the SSL Certificate

  1. Click Configuration > Device Management.
  2. Click Certificate Management > Identity Certificates.
  3. Select the identity certificate you created (The Expiry Date should display Pending).
  4. Click Install.
  5. Click Paste the certificate data in base-64 format > paste the certificate into the text field.
  6. Click Install Certificate.


A dialog box appears that confirms the installation was successful.
 

 Step 6: Activate the newly installed SSL certificate for use

  1. Click Configuration > Device Management.
  2. Expand Advanced, and then expand SSL Settings.
  3. Under Certificates, select the interface that is used to termintate WebVPN sessions.
  4. Click Edit.
  5. In the Certificate drop-down list, choose the certificate that you just installed.
  6. Click OK.
  7. Click Apply.
  8. Your new certificate should now be activated for use with your ASA.
  9. Verify your installation with the Symantec Installation Checker.


Cisco

         For more information, refer to Cisco ASA documentation.