How To

How to Generate Certificate Signing Request on Cisco ASA 5510

This article uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510.

Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

To generate a certificate signing request (CSR) for Cisco ASA 5510, perform the following steps:

Step 1: Generate a key pair

  1. Within ASDM, click Configuration > Device Management
  2. Click Certificate Management > Identity Certificates > Add > Add a new identity certificate
  3. For the Key Pair, click New > Enter new key pair name
  4. Enter a unique key pair name for the certificate
  5. Select the key size as 2048
  6. To complete the generation of the key pair, click Generate Now

Step 2: Generate a certificate signing request (CSR) file

  1. To enter certificate information, click Select
  2. From the drop-down list, select the following attributes > enter value > click Add

    Country Name (C): Use the two-letter code without punctuation for country, for example: US or GB.

    State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: New Jersey.

    Locality or City (L): The Locality field is the city or town name, for example: Clifton.

    Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: AB & C Corporation would be ABC Corporation or AB and C Corporation.

    Organizational Unit (OU): This field is the name of the department or organization unit making the request.

    Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.example.com" or "example.com".


  3. Once the appropriate values are added, click OK > Advanced
  4. In the FQDN field, enter the FQDN that will be used to access the device from the Internet:

    Note 1: If enrolling for a Subject Alternative Name certificate leave this field blank.
    Note 2: This value should be same FQDN you used for the Common Name (CN) or Domain Name.

  5. Click OK > Add Certificate > Browse
  6. Choose a location where to save the request file
  7. Upload the CSR to your order via your account