ASA - Generate SSL Certificate
Sample Data
Click here for sample data Step 1. Verify that the Date, Time, and Time Zone Values are Accurate
show clock Step 2. Generate a Certificate Signing Request
crypto key generate rsa label [[RSA Key]] modulus 2048 crypto ca trustpoint [[Trustpoint Name]] subject-name CN=[[FQDN]],OU=[[Department Name]],O=[[Company Name]],C=[[Country Code]],St=[[State]],L=[[City]] keypair [[RSA Key]] fqdn [[FQDN]] enrollment terminal exit crypto ca enroll [[Trustpoint Name]] 1. Include the device serial number in the subject name? [yes/no]: no 2. Display Certificate Request to terminal? [yes/no]: yes 3. Save the output as a .key file and upload it to your SSL provider 4. Submit the saved CSR to your 3rd party vendor. Once you submit the CSR to your 3rd party vendor, they will provide you the identity certificate to be installed on the ASA. Step 3. Authenticate the Trustpoint
Once you receive the identity certificate from the 3rd party vendor, you can proceed with this step. crypto ca authenticate [[Trustpoint Name]] Step 4. Install the Certificate
crypto ca import [[Trustpoint Name]] certificate Step 5. Configure WebVPN to Use the Newly Installed Certificate
ssl trust-point [[Trustpoint Name]] outside Step 6. Verify
show crypto ca certificates Resources
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98596-asa-8-x-3rdpartyvendorcert.html



RSA Key:
Trustpoint Name:
FQDN:
Department Name:
Company Name:
Country Code:
State:
City:


Use this code to post the full script to your own page:



Use this code to post only the variables to your own page: