To generate a Certificate Signing Request (CSR), please do the following:
From the Cisco Adaptive Security Device Manager (ASDM), select Configuration and then Device Management.
Expand Certificate Management, then select Identity Certificates and then Add.
Select the button to Add a new identity certificate and click the New... link for the Key Pair.
Select the option to Enter new key pair name and enter a name (any name) for the key pair. Then click the Generate Now button to create your key pair.
The key size should be left at 2048 and Usage should be left on General purpose.
Next you will define the Certificate Subject DN by clicking the Select button to the right of that field. In the Certificate Subject DN window, configure the following values by selecting each from the Attribute drop-down list, entering the appropriate value, and clicking Add.
- CN - The name through which the firewall will be accessed (usually the full-qualified domain name, e.g., vpn.domain.com).
- OU - The nameof your department within the organisation (frequently this entry will be listed as “IT”, “Web” Security or is simply left blank).
- O - The legally registered name of your organisation/company.
- C - Your country's two-digit code.
- ST - The state in which your organisation is located.
- L - The city in which your organisation is located.
Click Advanced in the Add Identity Certificate window.
In the FQDN field, type in the fully-qualified domain name through which the device will be accessed externally, e.g., vpn.domain.com (or the same name as was entered in the CN value in step 5).
Click OK and then Add Certificate. You will then be prompted to save your newly created CSR information as a text file (.txt extension).
Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted.