Installation Instruction for Cisco ASA 5520

Solution ID:    SO22525    Updated:    08/11/2017

Problem

How do I install a Symantec certificate on Cisco ASA 5520
How do I install a Symantec Wildcard certificate on Cisco ASA 5520

Solution

To install a certificate into a Cisco ASA 5520 device, perform the following steps:

STEP 1: Download Symantec Certificate
 
  1. Download the certificate from the Symantec Trust Center, follow the steps from this link: SO8061
    Please select Apache as the server platform, and HTTP as the server version
     
  2. If the certificate was sent by email, copy the certificate embedded in the body of the email and paste it into a text file using Vi or Notepad.
    Do not use Microsoft Word or other word processing programs that may add characters. The text file should look like:

    -----BEGIN CERTIFICATE-----
             [encoded data]
    -----END CERTIFICATE-----

    To follow the naming convention for Cisco, rename the certificate filename with the .crt extension. For example: public.crt
     

STEP 2: Download Symantec Intermediate CA Certificate

  1. Download the Intermediate CA from the following solution: INFO657
    NOTE: If you downloaded the certificate from the Symantec Trust Center, it will include the intermediate file. Proceed to step 2 below.
    If you are unsure of which product you have purchased, please review the following solution: SO13499
     
  2. Open the Cisco ASDM, then Under the Remote Access VPN window pane, then in the Configuration tab, expand Certificate Management and click CA Certificates.

  1. Click the Add button.

  2. Assign a Trustpoint Name to the certificate (e.g. intermediate.crt), And select the Install from a file: radio button and browse to intermediate.crt. Click Install Certificate.
     



    You should then see the Certificate listed with the Trustpoint Name you assigned to it.

 

Step 2: Install your SSL certificate

  1. Under Remote Access VPN, expand Certificate Management > Identity Certificates.

    Select the identity you created for the CSR with the Expiry Date shown as pending and click Install, select yourdomain_com.crt and click Install Certificate. Once installed the Expiry Date will no longer show 'Pending.'



  2. The certificate now needs to be enabled. On the lower left, click Advanced > SSL Settings. Then, select the interface you want SSL enabled for and click Edit.



  3. On the next screen, click the drop-down menu and for Primary Enrolled Certificate select your certificate then click OK.


     

  4. The ADSM will then show your certificate details under trustpoint.

  5. To verify if your certificate is installed correctly, use the Symantec Installation Checker

 

Cisco ASA 5520

          For more information, see the Cisco Support website.

Disclaimer:

Terms of use for this information are found in Legal Notices

Contact Support

Find Answers