JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install a SSL X509 certificate for Cisco ASA (Web, VPN, 5500, 8.x, ...)

Warning: During the CSR generation (procedure described here), we advise to import the certificates of the certification chain, before importing the delivered certificate (procedure described below).
To retrieve the certificates of the certification chain, go on your certificate status page then click on the "see the certificate" button and on the " see the certification chain" link.

Based on the documentation edited by Cisco:

ASDM version 6.x:

We recommand the following procedure:

  • Install the intermediate certificates:

    Before, to see all the certificates of the certification chain, go on your certificate status page, click on "see the certificate" then on "see the certification chain".
    • ASDM / Configuration / Device Management / Certificat Management / CA Certificates
    • In the "CA Certificates" menu, click on "ADD",
      select "Paste certificat in PEM format", and copy / paste one certificate from the certification chain
      ----BEGIN CERTIFICATE----
      ...
      -----END CERTIFICATE----
      
      Then click on "Install Certificate"

      Repeat the operation for each certificate of the certification chain.

      N.B.: Do not forget the root certificate (the last certificate of the certification chain):
      on the line "i:" (issuer), name of the root certificate "CN=ROOT CERTIFICAT".
      You can then vizualize and download your root certificate here
      You can also find your root certificate by going to the status page of your certificate (link in the delivery email), click on "View certificate" and "View root certificate"

  • Install the final certificate (server certificate file).

    Open the delivery email or go on your certificate status page to retrieve your certificate ("See the certificate" button).
    • ASDM / Configuration / Device Management / Certificat Management / Identity Certificates
    • You can see the pending identity certificate.
      click on "Install", copy/paste the certificate and click on "Install Certificat"


  • Activate the SSL (Web, VPN, Remote, FTP, SMTP, POP, IMAP, ...)
    For example, for a web service, go to
    ASDM / Configuration / Device Management / Advanced / SSL Settings
  • Finaly, check your SSL connection with an external browser or with our SSL installation checking tool, Co-Pibot

ASDM version 5.2:

We advise to follow the procedure below:

  • Open the delivery email to get yuour certificate or go on your certificate status page: it is the PEM format certificate
    • Steps 29+30: erase the root installed at step 15
    • Step 31: Import the intermediate certificate, meaning the second one of the chain. This file (B-certification chain) is delivered in the delivery email.
    • Step 32: Create a TrustPoint for the root
    • Step 33: Import the root certificate in this TrustPoint. This root certificate is the first one of the certification chain.
  • Step 34: install the final certificate (server certificate file) obtained on step 22
  • Steps 35 and 36: activate the SSL
  • Step 37, check the SSL connection with an external browser or with our SSL installation checking tool Co-Pibot

Useful links