Cisco Cisco ASA 5585-X Adaptive Security Appliance 기술 매뉴얼

Contents

Introduction

Prerequisites

Requirements

Components Used

Configure

CSR Generation

1. Configure with the ASDM

2. Configure with the ASA CLI

3. Use OpenSSL to Generate the CSR

SSL Certificate Generation on the CA

Example of SSL Certificate Generation on GoDaddy CA

SSL Certificate Installation on the ASA

1.1 Installation of the Identity Certificate in PEM Format with ASDM

1.2. Installation of a PEM Certificate with the CLI

2.1 Installation of a PKCS12 Certificate with ASDM

2.2 Installation of a PKCS12 Certificate with the CLI

Verify

View Installed Certificates via ASDM

View Installed Certificates via the CLI

Verify Installed Certificate for WebVPN with a Web Browser

Renew SSL Certificate on the ASA

Frequently Asked Questions

1. What is the best way to transfer identity certificates out of one ASA onto a different ASA?

2. How to generate SSL certificates for use with VPN Load Balancing ASAs?

3. Do the certificates need to copied from the Primary ASA to the Secondary ASA in an ASAfailover pair?

4. If ECDSA keys are used, is the SSL certificate generation process different?

Troubleshoot

Troubleshooting Commands

Common Issues

Appendix

Appendix A: ECDSA or RSA

Appendix B: Use OpenSSL to Generate a PKCS12 Certificate from an Identity Certificate, CACertificate, and Private Key

Related Information

Introduction

This document describes the various operations to successfully install and use a third-party
trusted Secure Socket Layer (SSL) digital certificate on the Adaptive Security Appliance (ASA) for
Clientless SSLVPN and the AnyConnect client connections. A GoDaddy Certificate is used in this
example. Each step contains the Adaptive Security Device Manager (ASDM) procedure and the
CLI equivalent.