Install Certificate - Cisco ASA 5500
Feb 15, 2024
Installing Your Certificate on a Cisco ASA 5500 VPN/Firewall
Article Purpose: This article provides step-by-step instructions for installing your certificate on a Cisco ASA 5500 VPN/Firewall.
- You will receive your SSL certificate and intermediate certificate by email. Copy each certificate from the email, paste each one into a separate text editor, and save the files to a safe location with a ".crt" extension (e.g., "gs_sslcertificate.crt", "gs_intermediate.crt").
- In ASDM select Configuration and then Device Management.
- Expand Certificate Management and select CA Certificates. Click Add.
- Select the option Install From a File. Browse to your "gs_intermediate.crt" file and then click Install Certificate. Your intermediate certificate file is now installed. Next, you need to install the "gs_sslcertificate.crt" file.
- In ASDM select Configuration and then Device Management.
- Expand Certificate Management and select Identity Certificates.
- Select the appropriate identity certificate from when your CSR was generated (the "Issued By" field should show as not available and the "Expiry Date" field will show "Pending…"). Click Install.
- Browse to the "gs_sslcertificate.crt" provided by GlobalSign and click Install Certificate.
You should receive confirmation that your certificate installation was successful.
Configuring the WebVPN with ASDM to Use the New SSL Certificate
- In ASDM select Configuration and then Device Management.
- Click Advanced and then SSL Settings.
- From Certificates, choose the interface used to terminate WebVPN sessions. Click Edit.
- From the Certificate drop-down, select the newly installed certificate. Click OK. Click Apply.
SSL Certificate Installation From the Cisco ASA Command Line (Alternate Installation Method)
- From the ciscoasa(config)# line, enter the text:
crypto ca authenticate my.globalsign.trustpoint
"my.globalsign.trustpoint" is the name of the trustpoint created when your certificate request was generated.
- Enter the entire body of the "gs_intermediate.crt" file followed by the word "quit" on a line by itself. The "gs_intermediate.crt" file can be opened and edited with a standard text editor. The entire body of that file should be entered when prompted.
- When asked to accept the certificate, enter "Yes".
- When the certificate has been successfully imported, enter "Exit". Your intermediate certificate file is now installed. You will now need to install the "gs_sslcertificate.crt" file.
- From the ciscoasa(config)# line, enter the text:
crypto ca import my.globalsign.trustpoint certificate
"my.globalsign.trustpoint" is the name of the trustpoint created when your certificate request was generated.
- Enter the entire body of the "gs_sslcertificate.crt" file followed by the word "quit" on a line by itself. The "gs_sslcertificate.crt" file can be opened and edited with a standard text editor. The entire body of that file should be entered when prompted. You should receive a message that the certificate was successfully imported.
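A pre-paste check for the two "Enter the entire body ..." steps above, as an added example that is not part of the original article: it cleans a certificate copied out of an e-mail, rejects a file that holds more than one certificate or has lost a line, and returns the text to paste with "quit" on its own line. The function names and the sample data are assumptions; the sample is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def der_length_ok(der):
    """True if der is one ASN.1 SEQUENCE whose length field covers all bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def normalize_pem(text):
    """Return one clean PEM block from text copied out of an e-mail, or raise ValueError."""
    # Undo common copy damage: CRLF endings, "> " reply quoting, indentation, blank lines.
    lines = [re.sub(r"^[>\s]+", "", ln).rstrip() for ln in text.replace("\r", "").split("\n")]
    lines = [ln for ln in lines if ln]
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        raise ValueError("expected exactly one BEGIN/END CERTIFICATE pair")
    start, stop = lines.index(BEGIN), lines.index(END)
    if start > stop:
        raise ValueError("END CERTIFICATE appears before BEGIN CERTIFICATE")
    body = "".join(lines[start + 1:stop])
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not der_length_ok(der):             # catches a dropped line, which still decodes
        raise ValueError("decoded data is truncated or is not a DER SEQUENCE")
    wrapped = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, *wrapped, END])


def asa_paste_block(text):
    """Text to paste at the ASA prompt: the certificate, then 'quit' on its own line."""
    return normalize_pem(text) + "\nquit\n"


# Constructed sample: a 260-byte DER-shaped placeholder, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_CLEAN = "\n".join([BEGIN] + [_b64[i:i + 64] for i in range(0, len(_b64), 64)] + [END])
# The same block as it might arrive after e-mail quoting with CRLF line endings.
SAMPLE_MAILED = "\r\n".join("> " + ln for ln in SAMPLE_CLEAN.split("\n")) + "\r\n"
```

The check is structural only: it does not confirm that the certificate was issued by the intermediate or that it matches the trustpoint's key.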
Configuring WebVPN to Use the New SSL Certificate From the Cisco ASA Command Line
- From the ciscoasa(config)# line, enter the text:
ssl trust-point my.globalsign.trustpoint outside
wr mem
"my.globalsign.trustpoint" is the name of the trustpoint created when your certificate request was generated. "outside" is the name of the interface being configured.
- Save the configuration.