AC – Generate CSR

To create a CSR for requesting certificate from a third part vendor, follow the below steps. Remote Access VPN – Certificate Management – Identity Certificated

On selecting “Add” we will be able to create a Trust Point, create a new Key and add other values. Give the Trustpoint a name, and select “Add a new identity certificate” option. Select the Key par, or use the default one. Click on New

Select the size as 2048 and usage as General Purpose. Click on Generate Now to generate the Key.

In the Advanced option, add the FQDN value (the URL of your AnyConnect Gateway) and select OK.

To configure other parameters like the Company name, Country, State etc; select “Select” in the Certificate Subject DN option, and fill it with relevant parameters.

Once all these parameters are configured, click on “Add Certificate”.

Once the Cert is added, we can save the CSR.

Using this CRS, generate the third party certificate from the vendor.

Once we get the certificate from the vendor, select the pending Identity Certificate and Install the same by uploading the cert file or pasting the cert text.

In Load-balancing scenario, where the FQDN is a virtual name for two devices, we need to export the certificate with its keys and install/import it to the other appliance. The password set below will be asked when the cert is imported to other ASA.