Cert for ASA5510

Posted on 2011-10-13
Last Modified: 2012-08-13
I'm looking to set up SSL AnyConnect on an ASA5510. Can I use a wildcard certificate for this? If so, what format does it need to be in?
Question by: DEFclub

    Author Comment

    I currently have .pfx format that was exported from IIS

    Accepted Solution

    Yes, you should be able to use your exported certificate.
    By default Microsoft’s .pfx file will be DER encoded. You will need to use OpenSSL to convert to PEM encoding.
    You can download openssl for Windows at:

    The openssl command to convert the encoding is:

    openssl pkcs12 -in filename.pfx -out filename.pem

    You will be prompted for the import password which is the password you specified when you exported from IIS. You will then be prompted for a PEM passphrase. It can be anything you choose as long as it’s 4 or more characters. You will need it when you import to the ASA5510.

    Now that you have a file in the proper format that contains both public and private keys you can import into the ASA5510. I don’t know if this can be done from the GUI or not. But you can do it from the command line.

    The command is:

    SA(config)#   crypto ca import <trust-point-name> filename.pem <passphrase>
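
A pre-import check for the conversion described in the accepted answer, added here as an example and not part of the original post: it builds a throwaway wildcard .pfx, converts it with the same `openssl pkcs12` command, and confirms the resulting PEM holds an encrypted private key that matches the certificate. The function names, `*.example.test` and both passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names, *.example.test and passwords are constructed.
# pass: arguments are acceptable for a throwaway test key; for a real key let
# openssl prompt, or use the file: / env: password sources instead.

# Build a throwaway self-signed wildcard cert and pack it as $1/filename.pfx.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.test' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/filename.pfx" -passout pass:export-pw
}

# The conversion from the answer, with both prompts answered on the command line.
# $1=pfx  $2=pem  $3=import password  $4=PEM passphrase
convert_pfx() {
    openssl pkcs12 -in "$1" -out "$2" -passin "pass:$3" -passout "pass:$4" 2>/dev/null
}

# Return 0 only if the PEM holds an encrypted private key plus a certificate
# whose public key matches it. $1=pem  $2=PEM passphrase
check_pem_bundle() {
    # An unencrypted key block means the file was written with -nodes / -noenc.
    grep -q -e '-----BEGIN PRIVATE KEY-----' "$1" && return 1
    grep -Eq -e 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1" || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 2
    # Derive the public key from the private key and from the first certificate.
    key_pub=$(openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null) || return 3
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 4
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 5
}

# Demo: generate, convert, verify, then show which certificate would be imported.
run_demo() {
    dir=$(mktemp -d) || return 1
    make_sample_pfx "$dir" &&
    convert_pfx "$dir/filename.pfx" "$dir/filename.pem" export-pw pem-passphrase &&
    check_pem_bundle "$dir/filename.pem" pem-passphrase &&
    openssl x509 -in "$dir/filename.pem" -noout -subject -enddate
    status=$?
    rm -rf "$dir"
    return $status
}

run_demo
```

A non-zero return from `check_pem_bundle` identifies the failed step: 1 for a missing or unencrypted key, 2 for a missing certificate, 3 for a wrong passphrase, 5 for a key that does not belong to the certificate.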
