Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install a SSL X509 certificate for Cisco ASA (Web, VPN, 5500, 8.x, ...)

Warning: During the CSR generation (procedure described here), we advise to import the certificates of the certification chain, before importing the delivered certificate (procedure described below).
To retrieve the certificates of the certification chain, go on your certificate status page then click on the "see the certificate" button and on the " see the certification chain" link.

ASDM version 6.x and + :

We recommand the following procedure:

Installation of intermediate certificates

Beforehand, to view the certificates constituting your certification chain associated with your certificate, from the status page of your certificate (see delivery email), click on the "View certificate" button and then on the "View certification chain" link.

  • Go to ASDM / Configuration / Device Management / Certificat Management / CA Certificates

  • In the menu "CA Certificates", click onAdd

  • Choose Paste certificate in PEM format, and copy / paste the certificate of your certification chain
    ----BEGIN CERTIFICATE----
    ...
    -----END CERTIFICATE----
    
    Then click on Install Certificate

    Repeat the operation for each certificate of the certification chain.

    N.B .: Without forgetting the root certificate (link "See the root certificate" which is in "See the certificate" from the status page of your certificate)

Install the final certificate (server certificate file)

Open our delivery email because the final certificate is there (below); or go to your "Status" page of the certificate, then click on the "View certificate" button. You can also download it (link provided).

  • Go to ASDM / Configuration / Device Management / Certificat Management / Identity Certificates

  • You can see the pending identity certificate.
    click on Install, copy/paste the certificate and click on "Install Certificate"

  • Activate the SSL (Web, VPN, Remote, FTP, SMTP, POP, IMAP, ...)
    For example, for a web service, go to ASDM / Configuration / Device Management / Advanced / SSL Settings

  • Finaly, check your SSL connection with an external browser or with our SSL installation checking tool, Co-Pibot

Simple method: import a file in PKCS12 format (.pfx file)

For simplicity, you can import a PFX file directly into ASDM.

I f you generated your CSR using our "KeyBot" tool during your certificate request, you can generate a PFX file from the "Generate PFX / PEM" button on the status page of your certificate: more information.
If you used another tool like OpenSSL, you can also make a PFX file. You can help yourself with our documentation: Generate a PFX file with OpenSSL


Once the PFX file is available:

  • Go to Configuration > Remote Access VPN > Certificate Management and choose Identity Certificates

  • Click on Add

  • Enter a trustpoint name. Choose "Import the identity certificate ..."

  • Enter the PFX file password and the path where it is located

  • Click on Add Certificate

Finally as for the previous method, remember to activate the certificate

ASDM version 5.2:

We advise to follow the procedure below:

  • Open the delivery email to get yuour certificate or go on your certificate status page: it is the PEM format certificate
    • Steps 29+30: erase the root installed at step 15

    • Step 31: Import the intermediate certificate, meaning the second one of the chain. This file (B-certification chain) is delivered in the delivery email.

    • Step 32: Create a TrustPoint for the root

    • Step 33: Import the root certificate in this TrustPoint. This root certificate is the first one of the certification chain.
  • Step 34: install the final certificate (server certificate file) obtained on step 22
  • Steps 35 and 36: activate the SSL
  • Step 37, check the SSL connection with an external browser or with our SSL installation checking tool Co-Pibot

Useful links