
SSL Certificate Installation Guideline for Cisco

A Comprehensive Guide to Install SSL Certificates on Cisco

If you have not yet created a Certificate Signing Request (CSR) and placed an order for your SSL certificate, do that first. If you already have the SSL certificate and are ready to complete the final step, carefully follow the steps below to install an SSL certificate on a Cisco ASA 5500 VPN.

SSL Installation in the Adaptive Security Device Manager (ASDM)

Step 1 – To start with, download your intermediate certificate (CA.crt) and primary certificate (your_domainname_com.crt) from the customer account of your Certificate Authority (CA) into the directory where you wish to store all your certificate files.

Step 2 – In the Adaptive Security Device Manager (ASDM), select 'Configuration'. After that, click on 'Device Management'.

Step 3 – Now, expand 'Certificate Management', then select 'CA Certificates' and click on 'Add'.

Step 4 – With the 'Install from a file' option selected, browse to your CA.crt file and click on the 'Install Certificate' button at the bottom of the 'Install Certificate' window.

In this step, the intermediate certificate is installed. Now you need to install the your_domainname_com.crt file.

Step 5 – Now, repeat Step 2 by clicking on ASDM > Configuration > Device Management.

Step 6 – Once again, expand 'Certificate Management'. Now proceed by selecting 'Identity Certificates'.

Step 7 – In this step, you have to select the appropriate identity certificate from when your CSR was created, then click on the 'Install' button.

Please note that the 'Issued By' field should show as 'Not available' and the 'Expiry Date' field should show a 'Pending' status.

Step 8 – Now browse to the appropriate identity certificate (your_domainname_com.crt, which is provided by your CA). Then, click on 'Install Certificate'.

How to configure WebVPN with ASDM to Use the New SSL Certificate

Step 1 – In ASDM, select Configuration > Device Management.

Step 2 – Now, click on 'Advanced' and then 'SSL Settings'.

Step 3 – From 'Certificates', choose the interface that is used to terminate WebVPN sessions. Then click on 'Edit'.

Step 4 – From the 'Certificate' drop-down menu, select the newly installed certificate. Now, click on 'OK' and then 'Apply'.

This step completes your process of configuring the certificate for use with the selected kind of WebVPN.

Steps to Install SSL Certificate from the Cisco ASA Command Line (Alternate Installation Process)

Step 1 – Enter the following line at the ciscoasa(config)# prompt:

crypto ca authenticate my.thesslstore.trustpoint

Here, my.thesslstore.trustpoint is the name of the trust point that was created when your certificate request (CSR) was created.

Step 2 – Now, enter the entire content of the CA.crt file, followed by the word 'quit' on a line by itself.

Note that the CA.crt file can be opened and edited with a standard text editor, and the entire body of that file should be entered when prompted.

Step 3 – Now, expand 'Certificate Management', then select 'CA Certificates' and click on 'Add'.

Step 4 – Enter 'Exit' after the certificate has been imported successfully.

With this step, the intermediate certificate file is now installed. Now you need to install the your_domainname_com.crt file.

Step 5 – Enter the following text at the ciscoasa(config)# prompt:

crypto ca import my.thesslstore.trustpoint certificate

Here, 'my.thesslstore.trustpoint' is the name of the trust point created when your CSR was created.

Step 6 – Now, proceed by entering the entire content of the 'your_domainname_com.crt' file, followed by the word 'quit' on a line by itself.

Here, users should note two things: 1) the your_domainname_com.crt file can be opened and edited using a standard text editor; 2) users should enter the entire body of that file when prompted.

After this step, you shall soon receive a message that the certificate was imported successfully.
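
Before pasting either file at the ASA prompt, the pairing of CA.crt and your_domainname_com.crt can be checked offline with OpenSSL, which catches swapped or mismatched files. This script is an added example, not part of the original guide; the function names check_asa_pair and make_demo_certs are hypothetical, and the demo certificates are constructed (a self-signed CA stands in for the intermediate) only so that the check runs without real files.

```shell
#!/bin/sh
# Added example. check_asa_pair and make_demo_certs are hypothetical names.
# Returns 0 only if $1 is a CA certificate that signed the identity cert $2.
check_asa_pair() {
    ca="$1"; leaf="$2"
    # The file pasted at "crypto ca authenticate" must be a CA certificate.
    openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: $ca is not a CA certificate (files swapped?)"; return 1; }
    # The file pasted at "crypto ca import" must not be a CA certificate.
    if openssl x509 -in "$leaf" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: $leaf is a CA certificate, not an identity certificate"
        return 1
    fi
    # -partial_chain lets the intermediate act as the trust anchor, so the
    # root certificate is not needed for this signature check.
    openssl verify -partial_chain -CAfile "$ca" "$leaf" >/dev/null 2>&1 ||
        { echo "FAIL: $leaf was not signed by $ca"; return 1; }
    echo "OK: $leaf was issued by $ca"
}

# Constructed sample input: a throwaway self-signed CA standing in for the
# intermediate, and a leaf it signs, written into directory $1.
make_demo_certs() {
    d="$1"
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Intermediate
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/CA.crt" 2>/dev/null
    openssl req -new -config "$d/demo.cnf" -subj "/CN=vpn.example.com" \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/CA.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/your_domainname_com.crt" 2>/dev/null
}

# Real use: sh check.sh CA.crt your_domainname_com.crt
if [ "$#" -eq 2 ]; then check_asa_pair "$1" "$2"; fi
```

On a real deployment the private key never leaves the ASA, so only the two certificate files are checked; the demo keys exist solely to sign the constructed sample.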

How to Configure WebVPN to Use the New SSL Certificate from the Cisco ASA Command Line

Step 1 – Enter the following text at the ciscoasa(config)# prompt:

ssl trust-point my.thesslstore.trustpoint outside

wr mem

In this command, 'my.thesslstore.trustpoint' is the name of the trust point that was created when your CSR was generated, and 'outside' is the name of the interface being configured.

In this step, users should ensure that they save the configuration; the wr mem command above does this.

Troubleshooting

  • You can use our SSL tool to check your newly installed SSL certificate.

    Note: To use this tool, your website must be publicly accessible.

  • You can also check your website for warning or error messages using the secure https:// address in several of the most popular browsers (e.g. Chrome, Firefox, Safari). For example, Firefox will display a warning message if the intermediate certificate is not properly installed.
