How is a Certificate Signing Request (CSR) generated on Cisco ASA ?

In order to generate a CSR for Cisco ASA, please follow these steps:

1. Open the Cisco ASDM Configuration Tool

2. Click Configuration and Device Management.

3. Expand Certificate Management and choose Identity Certificates.

4. Select Enroll ASA SSL VPN.

5. Then, go to Key Pair, click the New button.

6. Click the Enter new key pair name radio button. You should distinctly identify the key pair name for recognition purposes.

7. Next to Size, select 2048 (which is the length of your key).

8. Next to Usage, choose General Purpose.

9. Click Generate Now. The key pair will be created.

10. To define the Certificate Subject DN, give the following information after chosing the appropriate attribute by clicking on "Select Attribute" and on "Add" once the corect value is written:

• The Common Name - Must match the URL you plan to secure exactly – is usually your fully-qualified domain name (FQDN), e.g., devel.ssl247.co.uk or mail.devel.ssl247.co.uk). Remember the www. is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com
• Enter your Organisation and Organisation Unit names in the fields provided
• Enter your City/Locality, State/Province and Country/Region details. To know the ISO code of your country,click here

11. Then, in the "Add Identity Certificate" windows, go to "Advanced".

12. Next, enter the fully-qualified domain name (FQDN) in the FQDN field. The FQDN is referred as Common Name (CN) in step 10.

13. Click on "OK". Then click on "Add Certificate".

14. Finally, copy/paste the entire contents of the CSR (including the BEGIN and END tags) into our order form.