# Click Configuration, and then click Device Management.
# Expand Certificate Management, and choose Identity Certificates.
# Click Add.
[+] Show Image [ASDM] asa_8.x_3rdpartyvendorcert_02.gif # Click the Add a new identity certificate radio button.
# For the Key Pair, click New.
[+] Show Image [ASDM] asa_8.x_3rdpartyvendorcert_03.gif # Click the Enter new key pair name radio button. You should distinctly identify the key pair name for recognition purposes.
# Click Generate Now.
The key pair should now be created.
To define the Certificate Subject DN, click Select, and configure the attributes listed in this table:
Table 4.1: DN Attributes Attribute
FQDN (Full Qualified Domain Name) that will be used for connections to your firewall. EX: webvpn.cisco.com
Company Name (Avoid using Special Characters)
Country Code (2 Letter Code without Punctuation)
State (Must be spelled out completrly EX: North Carolina)
In order to configure these values, choose a value from the Attribute drop-down list, enter the value, and click Add.
# In order to configure these values, choose a value from the Attribute drop-down list, enter the value, and click Add.
[+] Show Image [ASDM] asa_8.x_3rdpartyvendorcert_04.gif
Note: Some 3rd party vendors require particular attributes to be included before an identity certificate is issued. If you are unsure of the required attributes, check with your vendor for details. # Once the appropriate values are added, click OK.
The Add Identity Certificate dialog box appears with the Certificate Subject DN field populated. # Click Advanced.
[+] Show Image [ASDM] asa_8.x_3rdpartyvendorcert_05.gif
# In the FQDN field, enter the FQDN that will be used to access the device from the internet.
This value should be same FQDN you used for the Common Name (CN). # Click OK, and then click Add Certificate.
You are prompted to save the CSR to a file on your local machine.
[+] Show Image [ASDM] asa_8.x_3rdpartyvendorcert_06.gif
# Click Browse, choose a location in which to save the CSR, and save the file with the .txt extension.
Note: When you save the file with a .txt extension, you can open the file with a text editor (such as Notepad) and view the PKCS#10 request. # Submit the saved CSR to your 3rd party vendor.
Once you submit the CSR to your 3rd party vendor, they will provide you the identity certificate to be installed on the ASA.