(No Ratings Yet)

Loading...

• Facebook
• Twitter
• LinkedIn
• Mail

September 10, 2014 Comments closed

Step-By-Step Guide for Installing an SSL Certificate on Cisco ASA 5510

in ssl certificates

Cisco’s Adaptive Security Appliance (ASA) was introduced in May 2005. It is an effective combination of the functionalities of Cisco PIX, IPS product lines and VPN 3000.

In this post, we have put together a step-by-step guide for installing an SSL certificate on Cisco ASA 5510, one of the many versions from the Cisco ASA 5500 series. This series of security appliances by Cisco is one of the most popular hardware firewalls in the market.

Learn How To Install an SSL Certificate on Cisco ASA 5510

Step 1

Download the intermediate (the CA.crt) and primary certificate (your_domainname_com.crt). Please save them to a location where you wish to keep all of your certificate files.

Step 2

In ASDM, click on Configuration > Device Management

Step 3

Next, expand the ‘Certification Management’, select ‘CA Certificates’ and click on ‘Add’

Step 4

Select the option ‘Install from a file’ and browse to the location where you saved your intermediate certificate (ca.crt). Now, click on the button ‘Install Certificate’, which is at the bottom of the ‘Install Certificate’ window.

With this step your intermediate certificate is now installed.

Step 5

Here you need to repeat step 2. So, once again click on Configuration > Device Management in ASDM.

Step 6

Select ‘Identity Certificates’ after expanding ‘Certificate Management’.

Step 7

Next, choose the appropriate identity certificate from when your Certificate Signing Request (CSR) was created and click on ‘Install’

The ‘Issued by’ field should show as ‘not available’ and the ‘Expiration Date’ should be marked as ‘Pending’

Step 8

Browse to your identity certificate (your_domainname_com.crt) and click on ‘Install Certificate’.

After this step, users will receive a confirmation message that the installation process was successful.

Configure WebVPM with ASDM to use the New SSL Certificate

Step 1
Select Configuration < Device Management> Click on SSL Settings.

Step 2
Next, expand the ‘Certification Management’, select ‘CA Certificates’ and click on ‘Add’

Step 3
Select the option ‘Install from a file’ and browse to the location where you saved your intermediate certificate (ca.crt). Now, click on the button ‘Install Certificate’, which is at the bottom of the ‘Install Certificate’ window. With this step your intermediate certificate is now installed.
Step 4
Here you need to repeat step 2. So, once again click on Configuration > Device Management in ASDM.
Step 5
Select ‘Identity Certificates’ after expanding ‘Certificate Management’.
Step 6
Next, choose the appropriate identity certificate from when your Certificate Signing Request (CSR) was created and click on ‘Install’
The ‘Issued by’ field should show as ‘not available’ and the ‘Expiration Date’ should be marked as ‘Pending’.
Step 7
Browse to your identity certificate (your_domainname_com.crt) and click on ‘Install Certificate’.

After this step, users will receive a confirmation message that the installation process was successful.

How to Configure WebVPM with ASDM to use the New SSL Certificate

Step 1
Select Configuration < Device Management. Step 2
Click on the ‘Advanced’ button and go to ‘SSL Settings’.
Step 3
Now, from ‘Certificates’, select the interface (used to terminate WebVPN sessions). Now click on ‘Edit’.
From the drop-down menu of ‘Certificates’, choose the newly installed certificate. Click on ‘OK > Apply.

This completes the configuration of your certificate for use with selected kinds of Web VPN sessions.

Steps to Install an SSL Certificate from Cisco ASA Command Line

This is an alternative SSL installation method.
Step 1
Enter the following text from ciscoasa (config)#:crypto ca authenticate my.CA.trustpoint

Here, ‘my.CA.trustpoint’ is the name of the trustpoint, which was created during your certificate request generation.

Step 2
Now, enter the entire body of CA.crt file followed by the word ‘quit’ on a line by itself. The file CA.crt can be opened and edited with a standard text editor.Users need to enter the entire body of that file when prompted.
Step 3
Enter ‘Yes’ when asked to accept the certificate.
Step 4
Next, enter ‘Exit’ when the certificate has been imported successfully.With this step, your intermediate (or chain) certificate is installed. Now you need to install your_domainname_com.crt file.
Step 5
Enter the following line from the ciscoasa (config) #:crypto ca import my.CA.trustpoint certificate

Here, ‘my.CA.trustpoint’ is the name of the trustpoint, which was created during your certificate request generation.

Step 6
Now, enter the entire body of CA.crt file followed by word ‘quit’ on a line by itself. Users can open the your_domainname_com.crt file and edit it with a standard text editor.

Users need to enter the entire body of that file when prompted. You shall soon receive a message that the certificate was imported successfully.

How do I Troubleshoot the Installation Procedure?

Step 1
Please check the status of your newly installed SSL certificate with the help of our SSL Checker tool. However, to access this tool, the website needs to be publicly accessible.
Step 2
Alternately, you can also open the web browser and try visiting your website with secure ‘https’. Experts recommend that users test with both the web browsers, Internet Explorer and Firefox; because Firefox is known to give out a warning if your certificate is not properly installed.

The server may not be listening on port 443 if you receive a browser warning or error message about the website not being available. Or if your website takes a very long time to open and times out eventually, then your firewall may be blocking the traffic on TCP port 443.