How to Install an ASA VPN (SSL) Certificate: Cisco ASA Training 101 

Thanks for the well-documented video-can't believe I'm finding it 11 years after it was posted! Haha!

Apologies for the delayed reply. The FQDN is how the device is identified via its certificate. It doesn't require a DNS A record, but without an A record or an entry in a local hosts file, there would be no point in having the certificate to prove name-based identity. I've never used an IP address with a certificate, but I don't know why it wouldn't work. In fact, there are some CAs that offer that service. Obviously, that would eliminate the need for either an A record or a hosts file entry.

The CA certificate is generated by the device you wish to configure as a certificate authority, such as a Windows Server 2012 computer or a Linux computer. The certificate can either be self-signed or signed by an upstream certificate authority such as Verisign, Comodo, GeoTrust, or any of the many other CAs. If you visit any of the CA websites, you'll find more information about the process.

It's been a while, but I think I got that one from DigiCert. You can get trial certs from lots of providers and most of them should work similarly to what you see in the video.

Excellent video! It helped me out immensely.

Awesome because the Cisco document is missing the export command

So for the "Certificate Subject DN": - does the FQDN need to have an A record in DNS? - can we use an IP instead? I guess I am not sure what the FQDN is used for in this case.

So just to make sure I have this right you got both certs from Digicert? I have been trying to setup my own Windows 2008 CA to do a similar VPN design. I wasn't sure if the 2nd cert was from Digicert or it was created from something else that I missed.

When going to install the asa01_soundtraining_crt cert, how was that generated? I think I am missing a step. Many thanks!

hi can you tell me how to have a ca certificate

Where did you get the ASA_soundtraining cert from?

What is the purpose of that default key that is generated? I would think it is because of SSH, but it is not since to get SSH to work it is still needed to generate RSA key.

Hello,I am wondering if I can use VPN Digital Certificate on my Both ISP interfaces.... do I need to generate key for each ISP interface?

very good,good job

Hi Sir, i have encountered a problem when installing certificate. i have already generated CSR and comodo already replied to us the certificate, i have also uploaded the CA certificate that comodo gave us. but when i try to install the cert in identity certificate the "Install Button" is greyed out. How can i fix this sir? i really want this to be done within today but i am stucked to this portion, i have attached a screenshot for your reference. Thank you so much, Your reply is much appreciated.

i have received 2 certificated from my CA..intermediate & ssl certificate..which certificate should i install in identity certificate & which one should i install in CA..

How is this done without ASDM? My CF card cannot hold asa and asdm image

Hi, excellent video! Could you publish the commands used behind ASDM to install the certificate? I'd really like to know the commands. Thank you!

is there any easier way to validate that certificate?

Hi Don thanks a lot for the video. Just wanted to know if you have uploaded the following video on how to associate the certificate with the remote access vpn ??????

I get a message that reads WARNING you already have a RSA key name Default ASA Key. Is this different than the SSL certificate we're generating?

So I generate the key then go to entrust and paste the csr and it keeps giving me the error -null is not a lid country code...what does this mean? Would it be related to not having my home network on a configured domain. Just bough the the asa and am trying to set it up to play around with at home

font size is very small very diffult to see the configuration

Do you need a certificate to perform in-class exercise with VPN?

love it...thanks

I saw that he saved the self generated as a TXT file not as a CRT. Do I go back and save the file as a crt? I did not see where he saved the asaol.soundtraining.net.crt certificate. Little confused where he got that asao1.soundtraining.crt file from. Was that from digicert? Anyone can help?

I have an ASA 5510 Version 8.2 (5) with the following config Hardware: ASA5510 1024 MB RAM, CPU Pentium 4 Celeron 1600MHz Internal ATA Compact Flash, 256MB my question I want to install Annyconnect vpn with this config. is that it is compatible with the prerequisites to install annyconnect with 256mb flash?Maximum Physical Interfaces : Unlimited Maximum VLANs : 100 Inside Hosts : Unlimited Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Enabled Security Contexts : 2 GTP/GPRS : Disabled SSL VPN Peers : 2 Total VPN Peers : 250 Shared License : Disabled AnyConnect for Mobile : Disabled AnyConnect for Cisco VPN Phone : Disabled AnyConnect Essentials : Disabled Advanced Endpoint Assessment : Disabled UC Phone Proxy Sessions : 2 Total UC Proxy Sessions : 2 Botnet Traffic Filter : Disabled thank you

following your every move - you make it look easy but for 2 days I am getting the following error: Cannot import certificate - Certificate does no contain device's General Purpose public key for trust point ......ERROR: Failed to parse or verify imported certificate. What could be wrong - I am following exactly every move...??

PLZZ EXPLAIN THEORY FIRST