Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325
  • Last Modified:

VPN SSL certificate ASA

I was notified by GoDaddy that I needed to re-key my SSL since they are moving to SHA-2. The SSL is for VPN access through the firewall which is a Cisco ASA5510. To re-key I need a CSR. I do not have the original. The SSL was installed by a consultant.

How do I get the CSR from the ASA to populate the SSL key?
0
Jennifer
Asked:
Jennifer
  • 3
  • 2
2 Solutions
 
auctionpayCommented:
Yes,
You need to generate a new Cert request in-order to have the cert regenerated with the new hash. Even with the original key you would still have to regenerate the key in order to use the new hash. So even if you had the original key you would still be doing this work.
James
0
 
auctionpayCommented:
From the Cisco Adaptive Security Device Manager (ASDM), select "Configuration" and then "Device Management."
Expand "Certificate Management," then select "Identity Certificates," and then "Add."
Select the button to "Add a new identity certificate" and click the "New..." link for the Key Pair.
Select the option to "Enter new key pair name" and enter a name (any name) for the key pair. Next, click the "Generate Now" button to create your key pair.
Change the key size to 2048 and leave Usage on General purpose.
Next you will define the "Certificate Subject DN" by clicking the Select button to the right of that field. In the Certificate Subject DN window, configure the following values by selecting each from the "Attribute" drop-down list, entering the appropriate value, and clicking "Add."
CN - The name through which the firewall will be accessed (usually the fully-qualified domain name, e.g., vpn.domain.com).
OU - The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is simply left blank).
O - The legally registered name of your organization/company.
C - If you do not know your country's two digit code
ST - The state in which your organization is located.
L - The city in which your organization is located.
Please note: None of the above fields should exceed a 64 character limit. Exceeding that limit could cause problems later on while trying to install your certificate.
Next, click "Advanced" in the "Add Identity Certificate" window.
In the FQDN field, type in the fully-qualified domain name through which the device will be accessed externally, e.g., vpn.domain.com (or the same name as was entered in the CN value in step 5).
Click "OK" and then "Add Certificate." You will then be prompted to save your newly created CSR information as a text file (.txt extension).
Remember the filename that you choose and the location to which you save it. You will need to send this file or the entirety of the text to go daddy haven't done there process so I don't know.
0
 
JenniferAuthor Commented:
Thank you very much. I will try this tomorrow.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
Pete LongConsultantCommented:
0
 
JenniferAuthor Commented:
Thank you, I will check out the link as well.
0
 
JenniferAuthor Commented:
Thank you, I was able to get this to work.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now