Entrust Certificate Services Support Knowledge Base
Audience: General
Last Modified: 2009-12-15 10:31:58.0
TN 7741 - How do I install an Entrust certificate on a Cisco ASA 5505?
Question:
How do I install an Entrust.Net certificate onto a Cisco ASA?
Answer:
The following instructions explain how to request and install an Entrust certificate on a Cisco ASA appliance.
To confirm the Hostname and Domain Name are configured
1. In the Cisco ASDM Configuration tool under Device Name/Password, complete the following:
a. Enter the host name in the Hostname field.
b. Enter the domain name in the Domain Name field.
To confirm/configure the date, time, and time zone settings
1. In the Cisco ASDM Configuration tool under System Time > Clock, complete the following:
a. From the Time Zone drop-down list, select the correct time zone.
b. From the Date drop-down, select the correct date.
c. In the Time fields, set the correct time.
To request a certificate (Generate CSR)
To obtain an Entrust certificate, you must generate a certificate request. This request includes all of the necessary information required to generate the certificate.
1. In the Cisco ASDM Configuration Tool under Device Management > Certificate Management > Identity Certificates, complete the following:
a. Click Enroll ASA SSL VPN with Entrust.
The Generate Certificate Signing Request dialog box appears.
2. Click New.
The Add Key Pair dialog box appears.
3. Select Enter new key pair name and enter entrust.net.
4. From the Size drop-down list, select 2048.
5. Select General purpose.
6. Click Generate Now.
The Generate Certificate Signing Request dialog box appears.
7. In the Certificate Subject DN section, complete the following:
a. Enter the common name in the Common Name (CN) field.
b. Enter the organization in the Organization (O) field.
c. Enter the country in the Country (C) field.
8. Click Generate Request.
The Enroll with Entrust dialog box appears.
9. Click the hyperlink request a certificate from Entrust. Entrust will verify your request. Once verification is complete, Entrust sends a copy of the certificate.
To install the certificate
After the Entrust certificate is issued, you must install the certificate.
1. In the Cisco ASDM Configuration Tool under Device Management > Certificate Management > Identity Certificates, complete the following:
a. Click Install.
The Install Identity certificate dialog box appears.
2. Select Paste the certificate data in base 64 format.
3. Select the Entrust certificate in your browser and copy the certificate. Paste the certificate in the text field.
4. Click Install Certificate.
To install the Entrust cross certificate
1. In the Cisco ASDM, select CA Certificates from the left-hand menu.
2. Click Add.
3. Point the ASDM to your L1C.cer file containing the Entrust L1C Cross certificate.
To verify the certificate installation
Once the certificate is installed, it is important that you verify that it has been installed correctly.
1. In the Cisco ASDM Configuration Tool under Device Management > Certificate Management > Identity Certificates, complete the following:
a. Click Show Details.
The Certificate Details dialog box appears.
2. The following windows should be displayed according to the certificate that has been created.
To obtain a command line view of the non-default Cisco ASA configuration changes to enroll an Entrust.Net certificate
Enter the following commands to complete enrollment via the command line interface.
1) Confirm Hostname and Domain Name are configured.
a. hostname ciscotrial
b. domain-name entrust.net
2) Confirm/Configure correct Date, Time, and Time Zone settings.
a. Configure Time Zone, Date and Time
clock timezone EST -5 0
clock summer-time
clock set 11:47:0
3) Generate a Certificate Signing Request, Authenticate the Trustpoint, and Install the Certificate
a. crypto key generate rsa label entrust.net noconfirm
b. crypto ca trustpoint ASDM_TrustPoint0
c. keypair entrust.net
d. id-usage ssl-ipsec
e. no fqdn
f. subject-name CN=ciscotrial.entrust.net,O=Entrust,C=CA
g. enrollment terminal
h. crypto ca enroll ASDM_TrustPoint0 noconfirm
i. crypto ca import ASDM_TrustPoint0 certificate nointeractive “cert text” quit.
j. "show crypto ca certificate"
Output similar to the following should appear:
Certificate
Status: Available
Certificate Serial Number: 469de1f9
Certificate Usage: General Purpose
Public Key Type:
Issuer Name:
cn=Entrust.net Secure Server Certification Authority
ou=(c) 1999 Entrust.net Limited
ou=www.entrust.net/
o=Entrust.net
c=US
Subject Name:
cn=ciscotrial.entrust.net
o=Entrust Inc.
l=
c=CA
OCSP
URL: http://ocsp.entrust.net
[1] http://crl.entrust.net/server1.crl
Validity Date:
start date:
end date:
Associated Trustpoints: ASDM_TrustPoint0
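The verification step can also be scripted. The following is an added example, not Entrust or Cisco code: it parses saved "show crypto ca certificate" output for a single certificate and compares it with the hostname, domain name and trustpoint configured in steps 1 and 3. The function names and the abridged sample text are assumptions made for this illustration.

```python
import re
# Constructed sample: abridged from the output shown on this page
# (the empty "l=" component is kept as it appears there).
SAMPLE = """Certificate
Status: Available
Certificate Serial Number: 469de1f9
Issuer Name:
cn=Entrust.net Secure Server Certification Authority
ou=(c) 1999 Entrust.net Limited
Subject Name:
cn=ciscotrial.entrust.net
o=Entrust Inc.
l=
c=CA
Associated Trustpoints: ASDM_TrustPoint0
"""

DN = re.compile(r"^(cn|ou|o|l|st|c)=(.*)$", re.I)

def parse_cert(text):
    """Return (fields, dns): 'Key: value' pairs and DN parts per section."""
    fields, dns, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DN.match(line)
        if m and section:            # DN component under the current section
            dns[section].setdefault(m.group(1).lower(), []).append(m.group(2))
        elif line.endswith(":"):     # "Issuer Name:" style section header
            section = line[:-1]
            dns.setdefault(section, {})
        elif ": " in line:           # "Status: Available" style field
            key, value = line.split(": ", 1)
            fields[key] = value
    return fields, dns

def check_install(text, hostname, domain, trustpoint):
    """List mismatches against the values configured in steps 1 and 3."""
    fields, dns = parse_cert(text)
    problems = []
    if fields.get("Status") != "Available":
        problems.append(f"status is {fields.get('Status')!r}, expected Available")
    want_cn = f"{hostname}.{domain}".lower()
    got_cn = [v.lower() for v in dns.get("Subject Name", {}).get("cn", [])]
    if got_cn != [want_cn]:
        problems.append(f"subject CN {got_cn} does not match {want_cn}")
    if trustpoint not in fields.get("Associated Trustpoints", "").split():
        problems.append(f"certificate not bound to trustpoint {trustpoint}")
    if not dns.get("Issuer Name", {}).get("cn"):
        problems.append("issuer name missing")
    return problems
```

An empty list from check_install means the installed certificate matches the configured hostname, domain name and trustpoint; each string in a non-empty list names one mismatch to investigate.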
Affected Products:
- Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 1 Year Mutual SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 2 Year Mutual SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 3 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 3 Year Advantage SSL Version Not Applicable Language Not Applicable Windows
- Entrust Certificate Services 3 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services 4 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Accelerator Licenses Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Additional Administrator Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Additional Client Organization and Domain Names Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Additional Domain Names Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Additional Organization Names Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Additional SANs for UCC Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Advantage Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Affiliate Operations Module for SSL Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Cert Admin Advantage Server Certificate 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Cert Admin Advantage Server Certificate 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Cert Admin UCC SSL - 1 Year Version Not Applicable English Windows
- Entrust Certificate Services Cert Admin UCC SSL - 2 Year Version Not Applicable English Windows
- Entrust Certificate Services Certificate Administrator 3 Year SSL Certificates Version Not Applicable Language Not Applicable Windows
- Entrust Certificate Services Certificate Administrator EV SSL - 1 Year Version Not Applicable Language Not Applicable Windows
- Entrust Certificate Services Certificate Administrator EV SSL - 2 Year Version Not Applicable Language Not Applicable Windows
- Entrust Certificate Services Certificate Manager 7.0 English Windows
- Entrust Certificate Services Certificate Manager 7.1 English Windows
- Entrust Certificate Services Client Management Module Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services CMS Account 1 YR Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services CMS Account 2 YR Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services CMS Account 3 YR Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services CMS Account 4 YR Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services CMS Account Version Not Applicable ALL Platform Not Applicable
- Entrust Certificate Services Cross Certificate Fee - CASP Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Cross Certificate Fee - Enterprise Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services ECS Advantage Certificate - 4 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services ECS UC Certificate - 4 Year Version Not Applicable English Windows
- Entrust Certificate Services Enhanced Service Account Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services EV Certificate - 1yr Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services EV Certificate - 2yr Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services EV SSL - 1 Year Version Not Applicable English Windows
- Entrust Certificate Services EV SSL - 2 Year Version Not Applicable English Windows
- Entrust Certificate Services Extended Validation Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Standard Certificate - 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Standard Certificate - 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Standard Certificate - 3 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Standard Certificate - 4 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Standard Certificate Units Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Standard Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services UC Certificate - 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services UC Certificate - 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services UC Certificate - 3 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services UC Certificate - 4 Year Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services UC Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services UCC Certificate - 1 and 2 year Version Not Applicable English Windows
- Entrust Certificate Services UCC SSL - 1 year Version Not Applicable English Windows
- Entrust Certificate Services UCC SSL - 2 year Version Not Applicable English Windows
- Entrust Certificate Services UCC SSL - 3 year Version Not Applicable English Windows
- Entrust Certificate Services Web Hoster Service Account Version Not Applicable English Platform Not Applicable
- Entrust Certificate Services Wildcard Certificate Units Version Not Applicable Language Not Applicable Platform Not Applicable
- Entrust Certificate Services Wildcard Certificates Version Not Applicable Language Not Applicable Platform Not Applicable