Certificate Signing Request (CSR) Generation Instructions for Cisco ASA 5510

Solution ID:    SO6495    Updated:    06/05/2017

Solution


This document uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510. If you are unable to use these instructions for your server, Symantec recommends that you contact Cisco.
 
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

Step 1:  Generate a key pair

  1. Within ASDM, click Configuration > Device Management
  2. Click Certificate Management > Identity Certificates > Add > Add a new identity certificate
  3. For the Key Pair, click New > Enter new key pair name
  4. Enter a unique key pair name for the certificate
  5. Select the key size as 2048
  6. To complete the generation of the key pair, click Generate Now


Step 2: Generate a certificate signing request (CSR) file

  1. To enter certificate information, click Select
  2. From the drop-down list, select the following attributes > enter value > click Add
  3. The following fields are required: 
     
    • Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
    • State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
    • Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
    • Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
    • Organizational Unit (OU): This field is the name of the department or organization unit making the request.
    • Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.symantec.com" or "symantec.com".
      NOTE: Symantec certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "symantec.com" will receive a warning if accessing a site named "www.symantec.com" or "secure.symantec.com", because "www.symantec.com" and "secure.symantec.com" are different from "symantec.com".
       
  4. Once the appropriate values are added, click OK > Advanced
  5. In the FQDN field, enter the FQDN that will be used to access the device from the Internet:
    NOTE - If enrolling for a Subject Alternative Name certificate leave this field blank.
  6. Click OK Add Certificate > Browse
  7. Choose a location where to save the request file
  8. Verify your CSR
  9. Proceed with Enrollment.


Once the SSL certificate has been issued, follow the steps from this link to install it on the server: SO6496


Cisco

          For more information, refer to Cisco Support
 

Legacy ID

vs43071

Disclaimer:

Terms of use for this information are found in Legal Notices

Contact Support

Find Answers

Languages

This article is available in the following languages: