Before you begin
- Read the guidelines for certificate installation.
- ASA must be “Synced” state and “Online”.
The following diagram depicts the workflow for generating CSR and installing a certified issued certificate in ASA:
Generate a CSR Request
- In the navigation menu, click Devices & Services.
- Select an ASA device, select an ASA device and in the Management on the right, click Trustpoints.
- Click Install.
- From Select Trustpoint Certificate to Install, click one of the following:
- Create to add a new trustpoint CSR object. For more information, see Adding an Identity Certificate Object for Certificate Signing Request (CSR).
- Choose to select the CSR request trustpoint that is already created.
- Click Send.
This generates an unsigned Certificate Signing Request (CSR).
- Click the copy icon to copy the CSR details. You can also download the CSR request in ".csr" file format.
- Click OK.
- Submit the certificate signing request (CSR) to the Certificate Authority to sign the certificate.
Install a Signed Identity Certificate Issued by a Certificate Authority
Once the CA issues the signed certificate, install it on the ASA device.
- In the Trustpoint screen, click the CSR request with the Status as "Awaiting Signed Certificate Install" and in the Actions pane on the right, click Install Certified ID Certificate.
- Upload the signed certificate received from the CA. You can drag and drop the file or paste its contents in the provided field. The trustpoint commands are generated based on the trustpoint you selected.
- Click Send.
This installs the signed identity certificate to the ASA device. Installing certificates will immediately deploy changes to the device.
Note: You can also install a certificate on multiple ASA devices. Select multiple ASA devices and in the Devices Action on the right, click Install Certificate.