JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Generate a CSR for Cisco ASA (Web, VPN, 5500, ASA 8.x, ...)

Based on Cisco official documentation:

ASDM version 6.x and + :

Cisco ASDM User Guide 7.14 - Generate a Certificate Signing request
ASA 8.x: Renew and Install the SSL Certificate with ASDM
  • Go to "ASDM / ... / Certificat Management / Identity Certificate"

  • Click on the button "Add" (or "enroll")

  • Select "Add a new identity certificate", so there is no risk of disrupting existing production services while receiving your new certificate.

  • We recommend, for each new installation or certificate renewal, to create a new private key each time in your interface, for that click on key Pair : "New",
    choose a name for your private key, for example "Sitename-2020", select a key size from 2048-bit minimum. Leave by default on "General purpose", then click on "Generate Now".
    Thus, the private key associated with your SSL certificate, necessary for the encryption of your connection, has just been installed in your system.

  • In the screen "Add Identity Certificate", you have therefore selected the private key that you have just generated.

  • In the form "Certificat Subject DN:" (to avoid confusion this can correspond to the CN (Common Name) field of the certificate), enter the address of the service to be secured (for example: www.monsiteweb.fr)

  • Finally, click on the button "Add Certificat"

  • In the following window, enter the information:


    • CN: Common name / domain name / server name / FQDN:
      Indicate here your SSL server name, such as "secure.company.com", "www.my-domain.com" or "www.product.com". No IP address (learn more). No spaces nor blank characters.

      Even if we do not advise so, intranet addresses can be listed in the CSR ( learn more)

      If you need to order a multiple-domain / SANs certificate, indicate the main address only when generating your CSR. This address will remain the same until the certificate expiration. Then enter the other addresses you want to secure in the order form. Those ones will be changeable through reissuances.

    • O: Company Name Organization:
      Indicate the corporate name of your company (no trade name or acronym), in uppercase preferably.

    • C: Country:
      Indicate FR if your company is in France, BE for Belgium, etc, in uppercase preferably.

    • ST: State:
      In France indicate the name of the department where your company headquarters are based (not the number).

    • L: Location City:
      Indicate the city where your company headquarters are based.

    • OU: Department Organizational unit / Division / Branch:
      We advise not to fill in this field or to enter a generic term such as "IT Department".

  • Then click "OK". On the following window "Identity Certificate Request" select the folder in which the CSR (Certificat Signing Request) will be created.
    Click "OK"
  • Now open the CSR file and copy/paste its content in the appropriate field of our order form via our website or your Certificates' Center.

Installation of the X509 SSL certificate

Once the audit processed, you will receive a delivery e-mail containing your certificate and you will be able to follow the installation instructions available here.

Other CISCO documentations:

Official documentation ADSM 7.14
ASA 8.x Manually Install 3rd Party Vendor Certificates for use with WebVPN Configuration Example