Security Certificate Configuration on Cisco Adaptive Security Appliance
This section explains how to configure security certificates on the Cisco Adaptive Security Appliance.
Delete Old Certificates and Trustpoints
This procedure describes how to delete the old intermediate and signed certificate, and the trustpoint for the root certificate on Cisco Adaptive Security Appliance.
Before you begin
Ensure you carried out the configuration tasks described in the following chapters:
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to display the trustpoints:
Step 3
Enter this command to delete the trustpoint and associated certificates:
The following warning output displays:
Step 4
Enter yes when you are prompted to delete the trustpoint.
What to do next
Generate New Trustpoint for VeriSign
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to generate the key pair for this certification:
Step 3
Enter the following sequence of commands to create a trustpoint for IM and Presence Service:
Troubleshooting Tips
Enter the command
What to do next
Import Root Certificate
Before you begin
Complete the steps in Generate New Trustpoint for VeriSign.
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to import the certificate onto Cisco Adaptive Security Appliance:
Step 3
Enter the CA certificate, for example:
Step 4
Enter
What to do next
Generate Certificate Signing Request
Before you begin
Complete the steps in Import Root Certificate.
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to send an enrollment request to the CA:
The following warning output displays:
Step 3
Enter
Step 4
Enter
Step 5
Enter
The certificate request displays.
What to do next
Submit Certificate Signing Request to VeriSign
When you submit the Certificate Signing Request, VeriSign provides you with the following certificate files:
- verisign-signed-cert.cer (signed certificate)
- trial-inter-root.cer (subordinate intermediate root certificate)
- verisign-root-ca.cer (root CA certificate)
Save the certificate files in separate notepad files once you have downloaded them.
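A pre-import sanity check for the three files listed above, as an added example that is not part of the original Cisco procedure: it confirms that each saved file holds exactly one intact PEM certificate block (no byte order mark, correct label, valid base64, consistent DER length) before it is pasted into the appliance. The function names and the dummy sample data are assumptions made for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def der_declared_length(der: bytes):
    """Total size the outer DER SEQUENCE claims (header + content), or None."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_file(raw: bytes, expect: str = "CERTIFICATE"):
    """Return a list of problems in one saved file; an empty list means intact."""
    problems = []
    if raw.startswith(b"\xef\xbb\xbf"):   # BOM that some text editors prepend
        problems.append("UTF-8 byte order mark at start of file")
        raw = raw[3:]
    try:
        text = raw.decode("ascii").replace("\r\n", "\n")
    except UnicodeDecodeError:
        return problems + ["non-ASCII bytes in file"]
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        return problems + [f"expected 1 PEM block, found {len(blocks)}"]
    label, body = blocks[0]
    if label != expect:                   # e.g. the CSR saved in place of a certificate
        problems.append(f"label is {label!r}, expected {expect!r}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if der_declared_length(der) != len(der):
        problems.append("DER length mismatch (body truncated or altered)")
    return problems

def make_sample_pem(label: str = "CERTIFICATE") -> str:
    """Constructed sample: a 300-byte dummy SEQUENCE, not a real certificate."""
    der = b"\x30\x82" + (300).to_bytes(2, "big") + bytes(300)
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

if __name__ == "__main__":
    print(check_pem_file(make_sample_pem().encode()))
```

This checks only the shape of each file; it does not verify signatures or that the three certificates chain to one another.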
Before you begin
- Complete the steps in Generate Certificate Signing Request.
- You must have the challenge password that you defined when generating the Certificate Signing Request.
Procedure
Step 1
Go to the VeriSign website.
Step 2
Follow the procedure to enter a Certificate Signing Request.
Step 3
When prompted, submit the challenge password for the Certificate Signing Request.
Step 4
Paste the Certificate Signing Request into the window provided.
What to do next
Delete Certificate Used for Certificate Signing Request
You must delete the temporary root certificate used to generate the Certificate Signing Request.
Before you begin
Complete the steps in Submit Certificate Signing Request to VeriSign.
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to display the certificates:
Step 3
Enter this command to delete the certificate:
The following warning output displays:
Step 4
Enter
What to do next
Import Intermediate Certificate
Before you begin
Complete the steps in Delete Certificate Used for Certificate Signing Request.
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to import the certificate onto the Cisco Adaptive Security Appliance:
Step 3
Enter the CA certificate, for example:
Step 4
Enter
What to do next
Create a Trustpoint for Root Certificate
Before you begin
Complete the steps in Import Intermediate Certificate.
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to generate the trustpoint:
Step 3
Enter the following sequence of commands:
Import a Root Certificate
Before you begin
Complete the steps in Create a Trustpoint for Root Certificate.
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to import the certificate onto the Cisco Adaptive Security Appliance:
Step 3
Enter the CA certificate, for example:
Step 4
Enter
What to do next
Import Signed Certificate
Before you begin
Complete the steps in Import a Root Certificate.
Procedure
Step 1
Enter configuration mode:
Step 2
Enter this command to import the certificate onto the Cisco Adaptive Security Appliance:
The following warning output displays:
Step 3
Enter
Step 4
Enter the CA certificate, for example:
Step 5
Enter