In this tutorial, we will show you how to generate a CSR on Cisco ASA 5500 Series.
Just follow the steps below:
- Log into your Cisco Adaptive Security Device Manager (ASDM), click on Configuration and then on Device Management
- Expand the Certificate Management tree, and then select Identity Certificates. Click Add
- In the Add Identity Certificate window, Define a trustpoint name under Trustpoint Name.
- Check the Add a new identity certificate radio button, and click New, next to Key Pair
- In the Add Key Pair window, select Enter new key pair name and write any name for the key pair.
- Choose the Key Size. Also, if you use RSA, choose General Purpose for Usage.
- Click Generate Now to create your key pair
- Next, in the Add Identity Certificate window, next to Certificate Subject DN click Select
- In the Certificate Subject DN window, select an attribute from the drop-down list and assign the appropriate value by clicking Add. Please follow the examples below:
- CN: provide the FQDN (fully qualified domain name) through which the firewall will be accessed. For instance, yoursite.com
- OU: specify the organizational unit in charge of web security an SSL management. For example, IT
- O: type the full name of your organization. For instance, GPI Holding LLC
- C: write your country’s two-letter code. For example, US. Here you can find the full list of country codes.
- ST: name the state where your organization is located. For instance, California
- L: name the city where your organization is registered. For instance, San Jose
- Double-check the info you’ve just entered and click OK
- Next, In the Add Identity Certificate window, click Advanced
- In the FQDN box, enter the fully-qualified domain name through which the device will be accessed externally, or the same FQDN you’ve added to the CN value in step 6
- Click OK and then hit the Add Certificate button
- Save your CSR code as a text file. You can use any text editor such as Notepad, for example.
That’s it! Now, you can use your CSR code during the SSL order process. After your CA signs your SSL Certificate and sends the relevant files to your inbox, you can proceed with the installation.