SSL Certificates Help

Generate a CSR (Certificate Signing Request) for my Cisco ASA 5500 VPN/Firewall

Before you request a certificate, use the Cisco Adaptive Security Device Manager (ASDM) to generate a Certificate Signing Request (CSR) for your Cisco Adaptive Security Appliance (ASA) 5500 VPN or firewall.

  1. Launch the Cisco ASDM (Adaptive Security Device Manager).
  2. In the list of icons near the top of the screen, click Configuration.
  3. On the left hand sidebar, click Remote Access VPN.
  4. In the new panel on the left, click to expand Certificate Management then click Identity Certificates.
  5. On the right-hand side of the main panel, click Add.
  6. For the Trustpoint Name, simply enter a name to easily identify your SSL at a later date.
  7. Select the radio button to Add a new identity certificate.
  8. To the right of Key Pair, click New....
  9. On the new window, select RSA for Key Type.
  10. Select the radio button for Enter new key pair name and enter a name to easily identify your SSL at a later date.
  11. With Size, select 2048 in the drop down menu.
  12. For Usage, select General purpose.
  13. Click Generate Now.
  14. Back on the Add Identity Certificate window, click Select... to the right of Certificate Subject DN.
  15. In the new window, you'll want to include your attributes by choosing an option from the Attribute drop down menu, typing in the Value and clicking Add>> for each item below:
  16. AttributeDescription
    Common Name (CN)The fully-qualified domain name, or URL, you want to secure for connections to your firewall.
    Note: If you're requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *
    Company Name (O)The legally-registered name for your business. If you're enrolling as an individual, enter the certificate requestor's name.
    Country (C)The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
    State (St)Name of the state where your organization is located. Do not abbreviate.
    Location (L)Name of the city where your organization is registered/located. Do not abbreviate.
  17. Click OK to confirm.
  18. Back on the Add Identity Certificate window, click Advanced....
  19. In the new window, fill out the field for FQDN with the same Common Name (CN) you used earlier.
  20. Click OK to confirm.
  21. Back on the Add Identity Certificate window, ensure the Enable CA flag in basic constraints extension remains checked.
  22. Click Add Certificate.
  23. In the prompt to save your CSR, click Browse....
  24. Choose a location where you wish to save the CSR with the .txt extension at the end of your file name. You'll need to open this newly created file to copy its contents for the next step.

Next step

After you create a CSR, you'll need to request your certificate.

More info

Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

Share this article