Skip to main content



Cisco Defense Orchestrator

Installing an Identity Certificate using Certificate Signing Request (CSR)

Before you begin

The following diagram depicts the workflow for generating CSR and installing a certified issued certificate in ASA:


Generate a CSR Request

  1. In the navigation menu, click Devices & Services.
  2. Select an ASA device, select an ASA device and in the Management on the right, click Trustpoints.
  3. Click Install
  4. From Select Trustpoint Certificate to Install, click one of the following:
  5. Click Send.
    This generates an unsigned Certificate Signing Request (CSR). 
  6. Click the copy icon copy_icon.png to copy the CSR details. You can also download the CSR request in ".csr" file format. 
  7. Click OK.
  8. Submit the certificate signing request (CSR) to the Certificate Authority to sign the certificate.

Install a Signed Identity Certificate Issued by a Certificate Authority

Once the CA issues the signed certificate, install it on the ASA device.

  1. In the Trustpoint screen, click the CSR request with the Status as "Awaiting Signed Certificate Install" and in the Actions pane on the right, click Install Certified ID Certificate.
  2. Upload the signed certificate received from the CA. You can drag and drop the file or paste its contents in the provided field. The trustpoint commands are generated based on the trustpoint you selected.
  3. Click Send.
    This installs the signed identity certificate to the ASA device. Installing certificates will immediately deploy changes to the device.

Note: You can also install a certificate on multiple ASA devices. Select multiple ASA devices and in the Devices Action on the right, click Install Certificate.

  • Was this article helpful?