35-18
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 35 Configuring Digital Certificates
Configuring Identity Certificates Authentication
Step 4 Enter the passphrase used to encrypt the PKCS12 file for export.
Step 5 Confirm the encryption passphrase.
Step 6 Click Export Certificate to export the certificate configuration.
An information dialog box appears, informing you that the certificate configuration file has been
successfully exported to the location that you specified.
Generating a Certificate Signing Request
Note Entrust supports a key modulus size of 1024 only. Consult Entrust if you are using any other value.
To generate a certificate signing request to send to Entrust, perform the following steps:
Step 1 Click Enroll ASA SSL VPN with Entrust to display the Generate Certificate Signing Request dialog
box.
Step 2 In the Key Pair area, perform the following steps:
a. Choose one of the configured key pairs from the drop-down list.
b. Click Show to display the Key Details dialog box, which provides information about the selected
key pair, including date and time generated, usage (general or special purpose), modulus size, and
key data.
c. Click OK when you are done to close Key Details dialog box.
d. Click New to display the Add Key Pair dialog box. To continue, go to Step 8 of the “Adding or
Importing an Identity Certificate” section on page 35-15. When you generate the key pair, you can
send it to the adaptive security appliance or save it to a file.
Step 3 In the Certificate Subject DN area, enter the following information:
a. The FQDN or IP address of the adaptive security appliance.
b. The name of the company.
c. The two-letter country code.
Step 4 In the Optional Parameters area, perform the following steps:
a. Click Select to display the Additional DN Attributes dialog box.
b. Choose the attribute to add from the drop-down list, and then enter a value.
c. Click Add to add each attribute to the attribute table.
d. Click Delete to remove an attribute from the attribute table.
e. Click OK when you are done to close the Additional DN Attributes dialog box.
The added attributes appear in the Additional DN Attributes field.
Step 5 Enter additional fully qualified domain name information if the CA requires it.
Step 6 Click Generate Request to generate the certificate signing request, which you can then send to Entrust,
or save to a file and send later.
The Enroll with Entrust dialog box appears, with the CSR displayed.
To Next Page
Loading...
Need help?
General
