CSR Generation : Cisco ASA 5510

This article uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510.

Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

To generate a certificate signing request (CSR) for Cisco ASA 5510, perform the following steps:

Step 1: Generate a key pair

  1. Within ASDM, click Configuration > Device Management
  2. Click Certificate Management > Identity Certificates > Add > Add a new identity certificate
  3. For the Key Pair, click New > Enter new key pair name
  4. Enter a unique key pair name for the certificate
  5. Select the key size as 2048
  6. To complete the generation of the key pair, click Generate Now

Step 2: Generate a certificate signing request (CSR) file

  1. To enter certificate information, click Select
  2. From the drop-down list, select the following attributes > enter value > click Add

    Country Name (C): Use the two-letter code without punctuation for country, for example: US or GB.

    State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: New Jersey.

    Locality or City (L): The Locality field is the city or town name, for example: Clifton.

    Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: AB & C Corporation would be ABC Corporation or AB and C Corporation.

    Organizational Unit (OU): This field is the name of the department or organization unit making the request.

    Common Name (CN): The Common Name is the Host + Domain Name. It looks like 'www.example.com' or 'example.com'.

  3. Once the appropriate values are added, click OK > Advanced
  4. In the FQDN field, enter the FQDN that will be used to access the device from the Internet:

    Note 1: If enrolling for a Subject Alternative Name certificate leave this field blank.
    Note 2: This value should be same FQDN you used for the Common Name (CN) or Domain Name.
  5. Click OK > Add Certificate > Browse
  6. Choose a location where to save the request file
  7. Verify the CSR using our CSR Decoder
  8. Upload the CSR to your order via your Sectigo account.