Article Purpose: This article provides step-by-step instructions for generating a Certificate Signing Request (CSR) on a Cisco ASA 5500 VPN/Firewall.
- From the Cisco Adaptive Security Device Manager (ASDM) select Configuration and then Device Management.
- Expand Certificate Management then select Identity Certificates. Click Add.
- Select Add a New Identity Certificate. Click New… for the Key Pair.
- Select Enter New Key Pair Name and enter any name for the key pair. Make sure the key size is "2048" and the usage is selected for "General purpose". Click Generate Now to create your key pair.
- Next, define the Certificate Subject DN by clicking Select to the right of that field. In the Certificate Subject DN window, configure the following values by selecting each from the Attribute drop-down list, entering the appropriate value, and clicking Add:
  - CN – The name through which the firewall will be accessed (usually the Fully Qualified Domain Name, e.g., vpn.domain.com).
  - OU – The name of your department within the organization (frequently this entry will be listed as "IT", "Web Security", or is simply left blank).
  - O – The legally registered name of your organization/company.
  - C – Your country's two-letter code.
  - ST – The state in which your organization is located.
  - L – The city in which your organization is located.
- Click Advanced in the Add Identity Certificate window.
- In the FQDN field, type in the Fully Qualified Domain Name through which the device will be accessed externally, e.g., vpn.domain.com (the same name that was entered for the CN value in the Certificate Subject DN step).
- Click OK and then Add Certificate. You will be prompted to save your newly created CSR information as a text file with a ".txt" extension.
Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it, including the beginning and end tags, into the online order process when prompted.
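
The saved file can be checked locally before it is pasted into the order form. The following is an added example, not part of the original article or of Cisco's tooling: a shell function that uses the OpenSSL command-line tool (assumed to be installed) to confirm the begin and end tags, the request's self-signature, the key size, and the CN. The names `check_csr` and `make_sample_csr` and the sample subject values are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a saved CSR file before submitting it to a CA.
# Usage: check_csr FILE EXPECTED_FQDN [MIN_BITS]  (MIN_BITS defaults to 2048, the size chosen above)
check_csr() {
    csr=$1 fqdn=$2 min_bits=${3:-2048}

    # Both PEM tags must be present; a partial copy/paste usually loses one of them.
    grep -Eq -- '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----' "$csr" || { echo "missing BEGIN tag"; return 1; }
    grep -Eq -- '^-----END (NEW )?CERTIFICATE REQUEST-----' "$csr" || { echo "missing END tag"; return 1; }

    # A CSR is signed with its own private key; a failed check means the body was damaged or altered.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "self-signature check failed"; return 1; }

    # Key size as reported by openssl, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null \
        | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] \
        || { echo "key is ${bits:-unknown} bits, expected at least $min_bits"; return 1; }

    # The CN must equal the name clients will use to reach the firewall.
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null \
        | sed 's/^subject= *//' | tr '+' ',')
    case ",$subj," in
        *",CN=$fqdn,"*) ;;
        *) echo "CN does not match $fqdn: $subj"; return 1 ;;
    esac
    echo "OK: $bits-bit key, CN=$fqdn"
}

# Constructed sample: a throwaway CSR generated locally as a stand-in for the
# .txt file that ASDM saves (subject values are made up for illustration).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=vpn.domain.com/OU=IT/O=Example Inc/C=US/ST=California/L=San Jose" 2>/dev/null
}
```

Run `check_csr saved-file.txt vpn.domain.com` against the file saved from ASDM; a non-zero exit status and the printed reason indicate what to regenerate or re-copy.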