How to Generate Certificate Signing Request on Cisco ASA 5510
This article uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510.
Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
To generate a certificate signing request (CSR) for Cisco ASA 5510, perform the following steps:
Step 1: Generate a key pair
- Within ASDM, click Configuration > Device Management
- Click Certificate Management > Identity Certificates > Add > Add a new identity certificate
- For the Key Pair, click New > Enter new key pair name
- Enter a unique key pair name for the certificate
- Select the key size as 2048
- To complete the generation of the key pair, click Generate Now
Step 2: Generate a certificate signing request (CSR) file
- To enter certificate information, click Select
- From the drop-down list, select the following attributes > enter value > click Add
Country Name (C): Use the two-letter code without punctuation for country, for example: US or GB.
State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: New Jersey.
Locality or City (L): The Locality field is the city or town name, for example: Clifton.
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: AB & C Corporation would be ABC Corporation or AB and C Corporation.
Organizational Unit (OU): This field is the name of the department or organization unit making the request.
Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.example.com" or "example.com".
- Once the appropriate values are added, click OK > Advanced
- In the FQDN field, enter the FQDN that will be used to access the device from the Internet:
Note 1: If enrolling for a Subject Alternative Name certificate leave this field blank.
Note 2: This value should be same FQDN you used for the Common Name (CN) or Domain Name.
- Click OK > Add Certificate > Browse
- Choose a location where to save the request file
- Upload the CSR to your order via your account