SSL Certificates

SSL Certs, SSL Certificate, SSL Certificates

Securing Your Online Business

Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2009-02-24 12:03:05.0

TN 7741 - Installation of an Entrust Certificate on a Cisco ASA 5505

Enrolling a Entrust.Net Certificate onto a Cisco ASA

  

These instructions include the full procedures for requesting and installing a certificate on a Cisco ASA appliance.

 

Confirm that Hostname and Domain Name are configured

-      In the Cisco ASDM Configuration tool under “Device Name/Password”

 

1 -      Enter the Hostname

2 -     Enter  Domain name.

 



Confirm/Configure correct Date, Time, and Time Zone settings

-       In the Cisco ASDM Configuration tool under System Time / Clock /

1 -       Select the correct Time Zone

2 -    Set the correct Date

3 -    Set the correct Time

 

 

Request a Certificate (Generate CSR):  To obtain an Entrust Certificate, a Certificate Request must be generated. This request will include all of the necessary information that is needed to generate the certificate.

                        -  In the Cisco ASDM Configuration Tool under Device Management / Certificate Management / Identity Certificates /

                              

1 -   Select button “Enroll ASA SSL VPN with Entrust”

 

 

2 - Select “New” Key Pair

 

 

3 -    Select “Enter New Key Pair Name entrust.net

4 -    Select Size 2048

5 -    Select “General Purpose”

6 -    Select “Generate”

 

 

 

7 -    Enter Common Name (CN)

8 -    Enter Organization (O)

9 -    Enter Country (C)

 

 

10 -   Select Hyperlink “request a certificate from Entrust http://www.entrust.net/cisco. Entrust will then verify your request. Once verification is completed, Entrust will send a copy of the certificate.

 

 

Install the Certificate: After the Entrust Certificate has been issued, the certificate must be installed.

-  In the Cisco ASDM Configuration Tool under Device Management / Certificate Management / Identity Certificates

 

1 – Select the Install Button.

 

 

2 - Select “paste the certificate data in base 64 format”

 

 

3 – Select the Entrust Certificate in your browser and copy the certificate. Paste the Certificate in the Cisco Window.

4 - Select Install Certificate

 

 

 

Verify Certificate Installation: Once the Certificate has been installed, it is important to verify that it has been installed correctly.

-  In the Cisco ASDM Configuration Tool under Device Management / Certificate Management / Identity Certificates

 

1 - Select “Show Details”

 

 

2 – The following windows should be displayed according to the certificate that has been created.

 

 

 

 

 

Command Line view of non-default Cisco ASA configuration changes to enroll an Entrust.Net Certificate: Enter the following commands to complete enrollment via the command line interface.

 

1)      Confirm Hostname and Domain Name are Configured

a.       hostname ciscotrial

b.      domain-name entrust.net

 

2)      Confirm/Configure correct Date, Time, and Time Zone settings are accurate

a.       Configure Time Zone, Date and Time

      clock timezone EST -5 0

            clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 60

clock set 11:47:0 SEP 17 2008

 

3)      Generate a Certificate Signing Request, Authenticate the Trustpoint Install the Certificate

a.       crypto key generate rsa label entrust.net noconfirm

b.      crypto ca trustpoint ASDM_TrustPoint0

c.       keypair entrust.net

d.      id-usage ssl-ipsec

e.       no fqdn

f.        subject-name CN=ciscotrial.entrust.net,O=Entrust,C=CA

g.       enrollment terminal

h.       crypto ca enroll ASDM_TrustPoint0 noconfirm

i.         crypto ca import ASDM_TrustPoint0 certificate nointeractive “cert text” quit.

j.        "show crypto ca certificate"

 

The following output should appear:

 

Certificate

  Status: Available

  Certificate Serial Number: 469de1f9

  Certificate Usage: General Purpose

  Public Key Type: RSA (1024 bits)

  Issuer Name:

    cn=Entrust.net Secure Server Certification Authority

    ou=(c) 1999 Entrust.net Limited

    ou=www.entrust.net/CPS incorp. by ref. (limits liab.)

    o=Entrust.net

    c=US

  Subject Name:

    cn=ciscotrial.entrust.net

    o=Entrust Inc.

    l=Ottawa

    c=CA

  OCSP AIA:

    URL: http://ocsp.entrust.net

  CRL Distribution Points:

    [1]  http://crl.entrust.net/server1.crl

  Validity Date:

    start date: 11:45:37 EDT Sep 17 2008

    end   date: 11:15:27 EST Dec 17 2008

  Associated Trustpoints: ASDM_TrustPoint0

 

 

Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 1 Year Mutual SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year Mutual SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 3 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 3 Year Advantage SSL Version Not Applicable Language Not Applicable Windows
  • Entrust Certificate Services 3 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 4 Year Advantage SSL Certifcate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Accelerator Licenses Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Additional Administrator Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Additional Client Organization and Domain Names Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Additional Domain Names Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Additional Organization Names Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Additional SANs for UCC Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Advantage Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Affiliate Operations Module for SSL Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Affiliate Partner Program Fee Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Affiliate Partner Royalty Fees Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin UCC SSL - 1 Year Version Not Applicable English Windows
  • Entrust Certificate Services Cert Admin UCC SSL - 2 Year Version Not Applicable English Windows
  • Entrust Certificate Services Certificate Administrator 3 Year SSL Certificates Version Not Applicable Language Not Applicable Windows
  • Entrust Certificate Services Certificate Administrator EV SSL - 1 Year Version Not Applicable Language Not Applicable Windows
  • Entrust Certificate Services Certificate Administrator EV SSL - 2 Year Version Not Applicable Language Not Applicable Windows
  • Entrust Certificate Services Certificate Manager 7.0 English Windows
  • Entrust Certificate Services Certificate Manager 7.1 English Windows
  • Entrust Certificate Services Client Management Module Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services CMS Account 1 YR Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services CMS Account 2 YR Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services CMS Account 3 YR Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services CMS Account 4 YR Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services CMS Account Version Not Applicable ALL Platform Not Applicable
  • Entrust Certificate Services Cross Certificate Fee - CASP Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cross Certificate Fee - Enterprise Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services ECS Advantage Certificate - 4 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services ECS UC Certificate - 4 Year Version Not Applicable English Windows
  • Entrust Certificate Services Enhanced Service Account Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services EV Certificate - 1yr Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services EV Certificate - 2yr Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services EV Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services EV SSL - 1 Year Version Not Applicable English Windows
  • Entrust Certificate Services EV SSL - 2 Year Version Not Applicable English Windows
  • Entrust Certificate Services Extended Validation Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Partner Program Reseller Fees Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Standard Certificate - 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Standard Certificate - 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Standard Certificate - 3 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Standard Certificate - 4 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Standard Certificate Units Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Standard Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UC Certificate - 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UC Certificate - 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UC Certificate - 3 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UC Certificate - 4 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UC Certificate Units Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UC Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UCC Certificate - 1 and 2 year Version Not Applicable English Windows
  • Entrust Certificate Services UCC SSL - 1 year Version Not Applicable English Windows
  • Entrust Certificate Services UCC SSL - 2 year Version Not Applicable English Windows
  • Entrust Certificate Services UCC SSL - 3 year Version Not Applicable English Windows
  • Entrust Certificate Services Web Hoster Service Account Version Not Applicable English Platform Not Applicable
  • Entrust Certificate Services Wildcard Certificate Units Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Wildcard Certificates Version Not Applicable Language Not Applicable Platform Not Applicable

SSL Certificates

buyExtended Validation (EV)

buyAdvantage SSL

buyStandard SSL

buyUnified Communications

buyCode Signing Certificates

buyAdobe CDS