Solved

VPN SSL certificate ASA

Posted on 2014-10-28
6
315 Views
Last Modified: 2014-12-10
I was notified by GoDaddy that I needed to re-key my SSL since they are moving to SHA-2. The SSL is for VPN access through the firewall which is a Cisco ASA5510. To re-key I need a CSR. I do not have the original. The SSL was installed by a consultant.

How do I get the CSR from the ASA to populate the SSL key?
0
Comment
Question by:Jennifer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:auctionpay
ID: 40409194
Yes,
You need to generate a new Cert request in-order to have the cert regenerated with the new hash. Even with the original key you would still have to regenerate the key in order to use the new hash. So even if you had the original key you would still be doing this work.
James
0
 
LVL 1

Assisted Solution

by:auctionpay
auctionpay earned 250 total points
ID: 40409213
From the Cisco Adaptive Security Device Manager (ASDM), select "Configuration" and then "Device Management."
Expand "Certificate Management," then select "Identity Certificates," and then "Add."
Select the button to "Add a new identity certificate" and click the "New..." link for the Key Pair.
Select the option to "Enter new key pair name" and enter a name (any name) for the key pair. Next, click the "Generate Now" button to create your key pair.
Change the key size to 2048 and leave Usage on General purpose.
Next you will define the "Certificate Subject DN" by clicking the Select button to the right of that field. In the Certificate Subject DN window, configure the following values by selecting each from the "Attribute" drop-down list, entering the appropriate value, and clicking "Add."
CN - The name through which the firewall will be accessed (usually the fully-qualified domain name, e.g., vpn.domain.com).
OU - The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is simply left blank).
O - The legally registered name of your organization/company.
C - If you do not know your country's two digit code
ST - The state in which your organization is located.
L - The city in which your organization is located.
Please note: None of the above fields should exceed a 64 character limit. Exceeding that limit could cause problems later on while trying to install your certificate.
Next, click "Advanced" in the "Add Identity Certificate" window.
In the FQDN field, type in the fully-qualified domain name through which the device will be accessed externally, e.g., vpn.domain.com (or the same name as was entered in the CN value in step 5).
Click "OK" and then "Add Certificate." You will then be prompted to save your newly created CSR information as a text file (.txt extension).
Remember the filename that you choose and the location to which you save it. You will need to send this file or the entirety of the text to go daddy haven't done there process so I don't know.
0
 

Author Comment

by:Jennifer
ID: 40409337
Thank you very much. I will try this tomorrow.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 40409419
0
 

Author Comment

by:Jennifer
ID: 40421723
Thank you, I will check out the link as well.
0
 

Author Closing Comment

by:Jennifer
ID: 40492750
Thank you, I was able to get this to work.
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question