Installing a Signed X.509 SSL Certificate into ASA via the CLI
Having already generated the RSA key-pair on the ASA with “crypto key generate rsa mod 2048”) create a trustpoint for the VPN users, generated an SSL cetificate and CSR and have received the signed X.509 certificate and CA and intermediate SSL certificates, the certificate and CA certs will need to be installked onto the Cisco ASA. This procedure describes the method using the CLI.
STEP 1
About signing:
Enrollment (getting your SSL certificate signed) can be “self”, “scep” etc. or “terminal” (manual enrollment).
crypto ca trustpoint VPN_TRUSTPOINT1
enrollment terminal
fqdn ciscoasa.darenmatthews.com
email netadmin@darenmatthews.com
subject-name CN=ciscoasa.darenmatthews.com,OU=UK IT Operations,O=MCCLTD Inc,C=US,St=MO,EA=netadmin@darenmatthews.com
ip-address 195.88.229.125
keypair DST-UK-KEYPAIR1
crl configure
STEP 2
Get the Intermediate Certificates provided by the CA and associate those certificates with the trustpoint. (Essentially we are going to tell the ASA that we trust these signing authorities based on the certificates that they give us. These intermediate certificates were also provided by our CA. They are simply flat text file containing a PEM (ASCII) encoded version of the Intermediate identity certificates.
ciscoasa(config)# crypto ca authenticate VPN_TRUSTPOINT1
Enter the base 64 encoded CA certificate.
End with the word “quit” on a line by itself
—–BEGIN CERTIFICATE—–
MIIEQDCCAyigAwIBAgILBAAAAAABI75RcWkwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
+wGfcVAvZyZZjz5hIEdCoyF8YAOFlmsib1HB7E891oWrEhPKNt8dTQ55ngFiqAXV
HMOvmh8Xwo1F0+Lt4Gyn2NnVDRiPl0xRYe2l8yfF2rrkypjti4od7fVmdjcGzhdy
GVbahTfSVw11IJJ2qR52c0wzGDB4hiLXArs6WYY+vNd5ngX7LGkKivlYS0fmcsWp
MuPXh26KHFXRFtRfg9nuRIbUJhfslH49YtZOXKBdhiNmmKoP
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIECDCCAvCgAwIBAgIEByczJTANBgkqvkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
bqjnuSmToOTuh0lx3ne3Xz1UpqoGzUvg2KvLsQ80qiTYdDnFwQTPX2TJkgrrqh0f
5nF32+sVXvGYDnhZ72qv4U9/OAar5O9EvaUHvQ==
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgvVBAoTCUJhbHRpbW9y
ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
—–END CERTIFICATE—–
quitINFO: Certificate has the following attributes:
Fingerprint: 64fc5f79 945af76a decf4fd4 a1a79496
Do you accept this certificate? [yes/no]: yesTrustpoint ‘VPN_TRUSTPOINT1’ is a subordinate CA and holds a non self-signed certificate.
Trustpoint CA certificate accepted.
% Certificate successfully imported
ciscoasa(config)#
STEP 3
The CA has issued a (signed) certificate tied to the private key. This will be another text file that is copied into the ASA:
ciscoasa(config)# crypto ca import VPN_TRUSTPOINT1 certificate
% The fully-qualified domain name in the certificate will be: ciscoasa.darenmatthews.com
% The IP address in the certificate is 195.67.229.127
Enter the base 64 encoded certificate.
End with the word “quit” on a line by itself—–BEGIN CERTIFICATE—–
MIIFWDCCBECgAwIBAgIOAgAAAAABRJNGQiwwWVMwDQYJKoZIhvcNAQEFBQAwUTEk
MCIGA1UEChMbVmVyaXpvbiBDeWJlcnRydXN0IFNlY3VyaXR5MSkwJwYDVQQDEyBD
eWJlcnRydXN0IFN1cmVTZXJ2ZXIgRVYgT0NTUCBDQTAeFw0xNDAzMDUxNzI0MjFa
Fw0xNjAzMDUxNzI0MjFaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTU8xFDAS
BgNVBAcTC0thbnNhcyBDaXR5MRkwFwYDVQQJExA0OTAwIE1haW4gU3RyZWV0MRMw
EQYLKwYBBAGCNzwCAQMTAlVTMRMwEQYLKwYBBAGCNzwCAQITAkRFMRgwFgYDVQQK
Ew9EU1QgU3lzdGVtcyBJbmMxGzAZBgNVBA8TElYxLjQsIENsYXVzZSA4LjUuMjEQ
MA4GA1UEBRMHMjAwMzQxMTEoMCYGA1UEAxMfdWtjbXZwbjEuZHN0Z2xvYmFsc29s
dXRpb25zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALodDIAe
OaU4xhKgd6rCmk4E5LuKxBaGuPvj5Q3bvhMrCu4l1Ju/cabhrsvkuDgisGMkLXZj
xMVWl3+9oB+gCTH5fhaa6QqprGhK9gA6b3Lbm1PkN69JDEZDfQ+z2JohaXeVZ2Rc
pq7VtuFUy0FT7qWdoIm8CbX9iYyEuTYNyYUVsCfhb60Ho04PA+0IE+X6OI/Et1/E
Jr8kx/EZEK8EYRblK+DdFqcaNB7tEanP+CFXQqg/uXtw/FjzM3KmswPYBoyH9jn4
bXsk/EqeFr83FcnHGlN4qaNDoDySUzg3jnMF5j1q1MKqDlXIgblAQ2c3/WvKIx1C
pA8v/eaSO2SqWdMCAwEAAaOCAZQwggGQMB8GA1UdIwQYMBaAFPOUqGamehSGioTg
9Rzb+QsU0FQFMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL2Vl
LW9jc3Aub21uaXJvb3QuY29tL2V2c3NsLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRw
Oi8vY3JsLm9tbmlyb290LmNvbS9jdGV2b2NzcC5jcmwwHQYDVR0OBBYEFF+or6XX
7NXinRCY6gDUImBos02FMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMFAG
A1UdIARJMEcwRQYKKwYBBAGxPgFkATA3MDUGCCsGAQUFBwIBFilodHRwOi8vY3li
ZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwSAYDVR0RBEEwP4IfdWtjbXZwbjEuZHN0Z2xvYmFsc29s
dXRpb25zLmNvbYEcdWtuaXRAZHN0Z2xvYmFsc29sdXRpb25zLmNvbTANBgkqhkiG
9w0BAQUFAAOCAQEADpCmX29ekegFpL2wTVdn1BQNgu08vzNMqGA8iWtm1unKGi9G
Tmn7moERCusvOg8aAVI6PNJbaqIqEso1r8CtpA1VMEJX41sfXypngBYFOFJ4q7zI
FzUNZMaTIL+gZ5qSlaF9F5Jn5+dfW6EJteeMdI9omRvjP0/C8IGTrO8jC3Ni0oGd
YkppdfjNKjWQZ4uQFx1i1MctTJd7eGq/8QhKq5zP4jQjPgG8Bq0EDfjhdsEQB9Gt
FMYgidyCt6UqC09DriG7wQ+ShqQeASWRpQ2mz2JZVZWF1MD+dAIE5eM0X1TqjziF
O9uU9La9yMFVJqiS9O/QuZAvd+QocnF0UeA3jw==
—–END CERTIFICATE—–
quit
INFO: Certificate successfully imported
ciscoasa(config)#
STEP 4
Set trustpoint to outside interface:
ciscoasa(config)# ssl trust-point VPN_TRUSTPOINT1 outside
ciscoasa(config)#
STEP 5
BACKUP THE KEYS:
ciscoasa(config)# crypto ca export VPN_TRUSTPOINT1 pkcs12 ciscoasa#
Exported pkcs12 follows:
—–BEGIN PKCS12—–
MIIUNwIBAzCCE/EGCSqGSIb3DQEHAaCCE+IEghPeMIIT2jCCE9YGCSqGSIb3DQEH
BqCCE8cwghPDAgEAMIITvAYJKoZIhvcNAQcBMBsGCiqGSIb3DQEMAQMwDQQIhVNd
qYh8l4YCAQGAghOQT4atx9GN3QU6Y1l7Wy90X97GsTPC32wPvar0jnAgoN9EXMTo
6LqtmAqD5KJk/nSTdcEbF+pJ4jD9VgcvDCnVJTFL+YWcqwKV36g4qTrEAVcyyoRA
Elj2xgVgHca3SA04YaGoLMAQuCsD0wcwjI8gMXMtoPH6sAeaQpDsfYvfp8PxdRPf
QizLUuTDMQnWB1tNPCJGT+yk5GVcAjNyQKU6/WgyTWGSs/hnpoTFupguT9TP6nx1
8BSo7uYQyuQobauxdha00QI7SB+yCS5xIluNdGw8MqIyWdwHh5fB66gZ2sFlsHil
rGv0X27ChtWoOgqetplHuEwhZniK1gq/+AcBOO1tNuBso2/0V0n8osk/Fygd0HI9
1UIe7ym3Gev+XcgxJo0+xMPRNAdUnOrXmgBBR0OT4/pk6lempDdsYuB2lYEMZmtQ
6dl7l4D13yFCfLN/QSHHEyTWxJJcbrO0XEeoTZdjA+2o/idESxF5Ikzo6+YX6Rpf
qqJPZajpJ6TTd19HeMGIpDRHbfYcl0zewsNlO8XkOss83XEQa1UVdaeRJnNmES9W
O0uM0Q7EpYSthJJuGGBQr5BkmFGpjcfMWKvbUNunupyP0I8oysogIIp7EEW7AzXR
gRENzUl9IBRO/+2ah050icQ8wLIXL1fW3P7P880BzGg2dWLgqHZ7po3dim2UsH6L
8pP/MZJVofqGa4+1gETWuCPDD8IMTxI1xQoEQGO7SX8GDTIfcCNntmsMU3dR8w7A
dxnvF92UCYCQeU4wOJnfjKjniXm5z147nhu3/0HG5II8/ynF1Jr6NHaotXkpYJ/t
vdIHRS2jh/p90ifkF5//54pqTv9M2gcUy7YFNV6+7wUYhWtUVvQQl2mvHeax05QP
PmpFhlPKo5iqUJMZbup3t+Cu33eLUy2hgeyMU6ndSeBiGj4AnuTVp9oinUdx8WhK
l6H1I2xsEwszgRNgsE2FRHAmwVp5S8nBC9ghOFOue9fWLxFU895Ab8a6L//Ysqgi
G5O+oC+7sSMrpE6+98HJh/GLDZiypP+XV2O3pLRoOo2bFOCSAC4inB7oH4LKEYuX
I/A0howy4XrwV1wq86U2JkLdvjrayKn3V4iux3KUsrzlPqg480P2rKpFIzst3LkY
vDD8HsAPu0Er54MdNGjenKahmZ01kMRc+qOO92XSAizp3wbguFYiIALwjUIGQ82d
l1wqeEkO+7gwd9uChGtmTrW8fRDFiiooBuULOunyiOfRm++NhLyKpoOcfwUg52ZR
EtiCF7hMa4+An12DNDDFAV7TVsAn4i2AH8JxsymLp/1Pe+6Y3ceJgLvOsezmB0tN
N0pROpr3Qm//e3FeXzTpI75CmR+unUYz6mvehfW74tHGb05Z8hNWsJlXN7LxdiDU
QkJ8AIBJAPbLgtswe4KeBxCdr3mIF5+LboxF1Wezup1bS8lKlaD4ZPRWAbZsdm15
ModGH0KIO9A40t7ba1dfTKbCipmas16uzTCuhcfrFeoon/mEoApeYkm+s+8kLrm+
MpLO3xVlNALlNzEfmfllUTjLnqo70n3potyy82NHLfNKJ5O6qPe/y1hdk4zZOiOY
A5fhmzHx5Ao2h5W+K3qNx9LzJG7TUwD38qWB673Q1qCEql74BVha+tYvA+GitYJ+
rGk4deHzXinNtEUjcuCPwlFO97VldnffrjQgsc50hrAt9lJP/Vp63/F03NxI6kTf
COnD2VenD3djmOnQXfX3DuEw1oW5Zjs7oqOc7ddT+450JTMzjC3TxRb34AmMpirN
+UVecHDWPsitbrb3QSoVcdNP331efBd4EszEyMp5B9cDZCn0gRlILrHm4gG3mZPg
jSkzmp5gmydKU7i/vGLNxTi+Iq1R1keqtrXxngdlQ2kh230Wya+2CBt74y+x3EK4
rCSfJBpRk+iCYNYIxSssVbak4C8siVAG9RJBfcLlDCRDfDBNwxgQ1rcSePmDzM6P
/m1TigW4H9SqHGLbOueILAWaxPXZ6ySKWais6wV92B3thKGBpglCre6Ooqk60AOy
2Q2v1vO1JKBkaPf4i8Oj0fzSzUKI5oARriSeM7ZrijnQMiNe9bJhhaVEdyIc//9V
t/t3G9FgJxO/j/vM5h+wmJ9z6cZmS2pG1lSWJkIspsAxMqWZg6OkdIrbYZ84LwSZ
z0LDzWUgX5D7gsUYh3fLTma9J5N7DVynY73YC45fbs5pi5SaEgbbIocOeHbssvG+
f3coDrrPSkgSHNv2JikZUXP0XIDDDaPSRmkCEktx8hxpwVLWklLSlhUToXX3WAHo
Z6AfXb3g3STh0Sii9D4dfpAcfG9hPBrU29BjBUBl6Sy8kyqCZfFpQnSrDD/mUQ2c
DkzojF0HukCfGE6pV2kdQpmWDoqEQrBBjDRkDRYg8n51BLvVA70k4fsP6lgOPgQN
MGXuL7CMypQYvYGZ4lb2K6riYSqEJW72TSXY0G9PyaDFeRnS/9ANDUU7XprIzq2v
4wnqh1bPwIxadDi7EIWhG2YjpFabZgnBb6w3GdZPAD3hQFPsW2ZQb1YZY5/my0mJ
JLY6kBzScTxzbPMhz5F6NCvm9hJU6fPEB9JrDFCEvMipQyIJQPVqubdySxwObJM8
a/hpcuCVZ5w4PsZ4lUq9o70ev6JIPBE8wfFI8iOn7vJvSikWuWEQ+7hF7Lli7Pp2
iu/MotMb4DdynGWz/TRkobDgLp2ZT4+ydYeDS5Vj4NdXEOYXWAUcpKfHkjz98hrC
NSbOmeZq5se++mXsQRqRB/9/rzDU2LilNuvuIhJOkc+bfrDOm7uyYmP9SIehEg4H
6uPhvdlWpy/Q3jmwTQAReNFzbPmC4tNB+DD2w/lYE0FAnp22vum0VsQmf/FH4JmY
XtnytzpGUvw6fLqmu/rgg8wUHFCS82HG8N90WC0ge+pUGhFDHMcPUxr4/9AgqgrR
oZbPXiqATEVo0hhAuNL1zIUzPYjjRUzArN62il3++gh73hnov69ry9ZifdxvvN4o
HqjMKDvVzNRI0XUNyKiihh0RjJ+e3YU2yq4lPyzg7lfCr/i8n2oZU5sWf5PvNvMB
tC2lg+eSRME7mbC9ooQCbg3aCPv9/ll0cQAZmNyF7vCGJMCe4+jVDVzI+GOzq4+Z
omiye/imWSYkzgy5LSGoDetb9at/MUh3nCZtCEO96fBKBNZ19vDS7TPnAbG8RVzz
KO2Daq0DoR17IXLpf4ZnDohdYaeMJs9gq+PG3lXKGgCR/2WVs4btwhjLdAWPndHe
6hmAfFZVj0olYXgipDwHktYQzhHHlAhfxCwMriaEJAEWK45fkoElrVRngXAuE8II
pqfkCjL1SzbP+K7rnHywwCww+Kntxt6PglFqdc1/8WcqLUr5hQWVVbaIHPRiA/2r
4SfyK70R7dYJosYrjnWkLN76nXHt8FIxvmey2AbTh3BaHNA3+Dd2xxCzBZDWOCtp
KPxUW6LitD4TBZNhbtwmW1cWLzJdWJs13MTBgtJe5bz9o7FQkM5JMM7S9oG5Tkhm
g2je94krKQq0fUSFgwIJ3MwwK1xWvQGpTPYA1jb2xBWrEs6vUkvda4J8A8iRW55N
8TorJRuv6qYu+0+IkPLiDTunjzX1QyiHys1PC8gNG28se6DcckHTwaalsZvS22+z
bhRq4qVEXRSvGwiv6htr/0qsYX3coSQlTaeT+Qn3kUHU93MRS1G2idZ+k7Co+Lc5
93aQX+u70oYSVMx8gWocbTfSgSEAyzo+57aj1tvnk8xvGZC+CpB837yyEsmOn3w2
mPWPn9qy5p1Heag60kOdKAB+HPDXLd6dwBgSG1+mOiHWJn2qRrMJ7Q30bZkafKdt
/sy8hKd0gHroqbKjOVddA2dDEKQ9TCMKpXAcKZaGMu/61dFpvUfeKRVVJ1pkC+mZ
0sTb9S5gWKWDzbzK+6mgoAgrrWDRt7qFm4Ni+DnZpA9RhqQXgLvGycF7qEGcz5f3
Yeah1dhbe+8kZGweu7wP5l5UPblp/fiCXio4Nx+4G9PrDpjgWn8D0mYfG7x+Z3UH
UYK6MUE8JR4yENrETvP8vgklkona/JkgW/oPtz4PDd6KAMBe59MmqDRvjqTJvCrr
cKrHt/1pjEGi0zTC/KWcAmRFjLP9ZQFov2RDGJitMBVe+WMsVxPDl+inquWmzJRZ
qwzyzGrt46R1Cq+U7vqCUJVfQ/QpIEty7TI+yDJkKrJneDHRn0Cbi7ALk23QdIen
Fl5/Wm+0xjg8ycyCZSeUngHrqWEMKl01R+URpz7RReQK3ULd5oOPYnH9lLeV0BOi
lxIp3z1Y2aTOPcViV5ia5Bzwwymd8W7xbkaAfsVlcULS6vc5Xtj7lnx1v/IBEVgQ
F3j8e9JIuRyBFDBmCM5ZGeqow6QU+0/V8j8rgoMJlGXtXYU4Mq5b7k6joqshWPI2
w/Q5B5ZXrLEN8EStu1wXJpvhHAxjDO87pIUVbDzQdZNe14uVlbKlptdCb66Vm7R6
3+5mQH2ZFWUtAdenlFVS87KDw8H6PuDg1gc+jI2mEUnu0c4hSGPbwpKOioanInM0
BcNfc9R6fjLzAzOh7pI0QYKOTm7gXz7ej9gMm/e5tZVRQ30V3D5A0Uj95cq6gEj/
dFo8PS1tL7k9r9qsXwR0CCszpjnSNX53VbpSpqBimqfqd51yVsRugEEw2d216Or3
0ObBXoewJXBl7pKj04tjjPiaK6/UBnkwH//DJ4THqHXwss6PCZB/LRmASjqmHcoL
XHvam0v70kTJ0k114A/udqvUq0ByaJusQsmwtdy97NTqDYCNYH07brAWiij61T2M
JtXnazxyUDspp2KlI2bWigupNu2RyHk0bOjxSF4fb+lJeK/uZBrtLdF9ih6FqCqb
y/fKsutUUPM0WrsPfU7qbvg5+kY4popqpWCdUGwkx5RoITi1teo9DmLuhiudaJH/
RMwTtK7Rw3jqStOgFwH+B5BsplFAXMRHJyp8ZyOAT/JD8eyl32VhAYW7ZTPj67uP
GtMtv1jiwCRrwPxmsVgl0UCekY4BF5VNhS5rkl8HDEc3tNQpe+vy0ew3ksYM2Y74
xpE5vPobdUWkuoiPYg/B7HuozcnoXDpOVedIG2/ps/1p4VYAI4LCnu5tHELfJwB6
W55AXiCmtEsujtzhUe8oMbn0MO4hlk+rXR5fGI3xn1ik85z/8XmIOukXsfSqcO9z
UuMmMdWi9n+UspxMYdxm6LE5OSncfhklbLj5n26vMMMHQ7VzEt5rGDV9bGS9X8Uv
gZvj5di1gI7yhZReLqH3y7HzqPGdng/PC3ltV3Pn2NujSq7yUXFuyo0cac8RoMIa
RwtQB7thj2F4d+XOzp8GLNvVdUPJUehSSReu+yeXPL5XC0GKnB8q7lCYWYy6PNlI
vdUqOYnnmtJKCTTjfXaYzlj5Xi45YkKAQFhiJ/B9sP7UQ8Do54jy416W1XtxaqFt
0Rd2gkHbZMjnL2/Vuf2wm8Zop2yxKEbtZNmCG76VABxkGB14z1B5x4v+kJIFB7ts
Qek6Tts2HESkqDwJ7Ebr3Bnqzctupj2hnxVqVMSGczd+OABWxs9xyp/3JjsscZeG
A5Jog+XTP7l+DPnnFw85G2M+lmq4mkR7uGqAI8ujFvp0WTAjPe0hCoaQth3UzaMh
Kj4umqssCtu3Katq3ZT9U7JSHzd7kysUg2EFmIPEA1t24zVUBRq3JRiVNVqp+7Ck
oo2SwvxiP3jlnAet83zpmc4lqW3X04p+iSaLIO7oHd5YjImaGBk+MjJcvGDAMBiv
v15xyZLEQEPI8uHJ9kau6w89UswI9LlUQONphCcmM6zW3Bj6EPjhQmuWfYl+C8dm
1ptZPnTYdBaNn3lxvH42+narCb/ThVsERY0dGO9tArf9hTY6LMJVav/deSSBU3JH
yS+it0ufOzm1ohQQ59IfTR0WfFz2aBJBAGxbXR2YF2AKWUsdH5fugBGdkwc+oWs/
5uSVMWLuRr4XArj+8ZE7hf/iOiz9Hz6sQN4zwus97rpNZE6ES0maOMGaQjddjvLC
IBA5W9nbA1rbPUGbD3QiYtBeEOLEc+s8VK/epGvszq0E1CvuVH2DhcX4J+eqzDA/
/T+PLDZneatkhSqZCSJn9QepviEGNnvuK96CG16g/xD3wphZRaLbBpB6bm5TO6wA
aRNyasVFeCwU3Q7bZ8nv48bIoZ7Q4Q1V1BWG6Rmt91g5cnoiYcEgiS487yqxLho/
QLLPDj7h04WbACZFmkiac97RZ3i3N9otZUrt9udRmqUhADdf5QNv92INe92fDV4v
RxsIlXONLidto9oZt7fBPqtbc7boWjcMKFOsPDfzvzb8AgSdUrP4vT0GqXzGXB1Z
leVTBisIP9AfzpBGWOxbTCximDk2vGKQPiNOZsios3E3klB0qg2Vs/TnYqvvpZAp
PweI0hfvpNueK3eQPoTZUUpQVjkY3KEBtQnfgr0tocmJv5wxMsoVsLe434vjbCBX
avgKwKfJsXdIT+HBeArfMGbsEHMt7rkRXUSDSMkQTEy3G/Se+XC2qD4+GKNmhXyr
kKEoI82w7U735S0JylvHa7HM+D4wRKcqqIRrTpehj6E5WTd7V8i6V77eDkNINNJI
LdQgMnxpfBNqbJ9FDfddy5xuSEWLQf9LcjBG+RzF5IiiCrVgfyp1ztmdpe4bmqOM
jNyIsyDmkE88iolyEIit0Lvt1Tc0J7qUGsOUyTA9MCEwCQYFKw4DAhoFAAQUGXCd
16j53dMCo7mfg1XuwJQm75gEFKUqvF1I80byiJZxMgDCa3zzBEx5AgIEAA==
—–END PKCS12—–
ciscoasa(config)#
NOTE: Before adding the certificate to the trustpoint, this happened:
ciscoasa(config-ca-trustpoint)# crypto ca export VPN_TRUSTPOINT1 pkcs12 ciscoasa#
WARNING: Temporary self-signed certificate is being generated to
export the keypair since an associated ID certificate is not available.Exported pkcs12 follows:
—–BEGIN PKCS12—–
MIILPwIBAzCCCvkGCSqGSIb3DQEHAaCCCuoEggrmMIIK4jCCCt4GCSqGSIb3DQEH
BqCCCs8wggrLAgEAMIIKxAYJKoZIhvcNAQcBMBsGCiqGSIb3DQEMAQMwDQQIcEZC
oVByV8oCAQGAggqYT0LnSEbpFLp5BX6nkmrt808ZkNCYAO0yzQZu76047ZESr+yS
T2aZFDkXYA8s2VD9XpdIFyyNM1aPoIhktUsdF10mT/XvW/neetbvz3npFZfyuJg+
2IHhua6QhuV/rt3G9xJfJE0AdP0w/Uf4jsw8KPEhkmUM5V3iun/13LmDMiY80Uvu
JXndux3lR+R/hQKEv6ISZ4+c973YtYhj0nS2U+Rp81krWioxmTWsAob/xZyhgBct
Pc19MFYnpX5q/oW2cM9AC1rtZ5EHnipoDBKdqlBoCTeegshYACpFZ70KdHwvM3ZT
BivEiltQ0kDIVw2DC8C+lp1Fy/DmLos4GDuiU5wQLSGYuRBDg4kyXyd8cn2o7G7f
2EJGvEtE9VVuOeyt+kPKOHbEkjz/1DvH0lFhgqcB0o0LWbNoJizjcgeL6L8uYbzI
WoU6q0at7dVJYM3ow7565tEaVHRby0WP3GKlnr4r8rXJx4r9GiKd5xprhfwBwGh3
zggCVXz9nGvCoi4AKGGlGCam4KZCcT8SPliklXbQ5Sb6vcFk9SubmA5MvHZ1I7g6
UF7e318YJD8SxLIwWusKfz+omi/GbURi/DdQxGglgTY6yoTFKAio2R/DcLDQsl5j
TS9Dm8z+XdD/VRVMYftMaOSCDEWaa0pVxszg5qDAvwQAXTADONq/a9PIR0EcOe4k
FBRjF5czqJ0amvbvIxcatmvxNSczQ21YRtotw6TJu+0aMRgWlHaGNlXVmqBG4aTq
jxsaIqR+7KfsX5A9z7e9SfJJQ2KQLt0XV1GD5qiplOyJYiwMmYrydCdGKFaAfcaO
j9mh9spsyDJMLigsjELJx2O38Ip4JTwWWutJvIjxlqN/fiKos/ZYRfSXd3JZODHm
SwVkJtIVoTQG1ovm+ruyc6dywaiy+pU7aqnBRhnKD+/K2o+N5YkLdIDp9z426Ng1
5G9bHSndWIjwKOcc6oVFU7kZlEMZER+ER0kFSAm3rCuU+ofTIBJgX+hqUdaS04qS
XbexPfD/X1Rlc7Jhk6nZsjp2Ap9fjTRfrAHNQoMZtUCno8q2ebl33kbu5Ipfs2y6
a1p3Tt8GlxdWP+9JNDeEUM01RT5p1LRs4pW1OkIo8mYem3+LiFd+jABFgrpDPdFe
/2DUwCXJCzvhsSf4zb0UAsNcoIriJqzO+umRxzopMuvGofUfw/Z237kOGd/IHMeZ
EsJ9ho6QG3Qb8Y/XOcpLC9vWF6xSGjh2MROCCrByL8mH07BeAk2BKb4Mhse+yHBe
ISFS/rADRelL9g3QQWsaQIXWN+fevIXxVdV3UJa52+w80ExMUXpPTHOtJJxbkXoC
HTB9p6KaooI9VoTla0YTYNFPhX7GcK+vGMv6RHD7Zn2ezMeYMSfBS42k6G96Nm30
fPsXSQ6DVRU3sX3Y+Ur80iAkdTo8SpPcfc2zTT2iDZO0LKL/Wp23R1g2BL87Lgnc
iy4oSAS/2fZ7WsqMeXep6/nkmb21WWO64YpjSDHQiE7cHYFptU4xzRl99zpqGbTh
ffHbIyWk5lwjiJVveDjBMkzh2Qkc9hG/W2PnhCzVBqUO8SJldBhRp8BT1pCdY78z
UMsH7f2KFT1J1FG48dBHdecp2iRuXnROh5nb1W2fxpyA0JfNCIfV5ne/1zvuPxXl
AFYnEaIyBGZReqm+mqfe98S7eRM+eSdgmuPOSyYspAJkcpQBCkUDOE/7vhz3hF46
iuMNvB6DsBiIIGGh6kBXYdSpkgjLsB4tGVjdzsJ1A+GNLn/K0M89Ngn0qftQHGNj
fXxRHHir9Ar/MGQiFGidozwoG4zWtbdOf+dp+ILPMowt6Et/7gxTr4pugfuCR59H
DL+xWX31lHH2sxQKQez+B9fKu+K5bOCKFLg28fN1xOSH/9GaPSPmouSDA6JbcxoU
+IFPLLmzrB/t9jGTedR4vR/f5OhYPabTGqBa0zAgfWFQCUVPx9bFL5oN3z1rtf6y
iSXxONqO1sfhRssdewUvF3XviypUXn01flfYiZbdK0otD5FwDc6IXz+kEpGGl/3e
rTVV5SJh4wV6qUsxSe/hVzlIwbmdbOFAlbERRTak+4TSlSFIY6/+PPeFuhFh0tmB
u4xG0BrCfbJ1oulFkfKvtmtH4OGwCt9OG61o54C+FBzLYD9klJuHnFdVP9rsm1gO
bobRJwX3RcArImooC/svGxP/D4f8XbgH+fxxjOsng0icrZ33TjG8Y1V9+KqYlUuv
umoCFg0KQgohghP8Cd3iknp3g5BAIv+5jl+AMACar0xx/+fM7lX6WKh1EZui4jQP
cU5L7JU1SYyidM0RhbRup3iMch4G2BeTrYoRbBp/WaaFXbzshykXpiLrkTQimbag
mW4WXW/imOO3OKjyHTaGUsc6dypFzxDUOO5QmRrVq0d7v+HnVc1eccayj2aIfOyg
SpI2SguLY8wez2t3gdM5qAel7+9CKPk8NYQElBYO7wdbE3wgPmF2VkAou/PNuVlU
KBlODcliJSbtn6NBcmViGoUVZrMBvpDF/HZR22B1p01r35ie/trsBr4rxR5AD2hK
MVjYYrou+33rGQenvtz/Dl+PjfHTa6X8Wz9FtTYGPMwoHZI3XhPoRWrGc5zWuxOo
Nfb2PtqPd8fvzqiLJqC1Tg8bJrQwjbU3jAblN/l8JmxPyTnDoN+7+lPXTycglyi1
a7HrnhPs1AuIg8k4dSdzh+PyCUxChP++/a2R9mdqZNlwKkqInXwTO0H+It/PfYib
i4o4zAGALMMnFvugm6LnfVNStC4Meffj0kin9vsAzS8zokD5woObMbV3QGANxiHh
3vjdqRs0dq8tu0rISHt7t15LHJx/JtyAqVRBGj0PLGt931BSleZNMjH+kt0R/2gS
OGMvd71mK+imljGIxxMv96Kg7UkdcyAQ/QKl2sbtPwBEP10uzFS2IDKEuzTqrSTg
lA4cXehDRQb+yXHn/juRlCl3HmccM9JfZk3Y8cl/0eeh4WrjAHMVii27Ng2r23LJ
sD2Uub0/7UVLiM/m89LXUbSFVWGoddi0irbbVoQ8RTg86s+WngY/HfbxXQ0Ep0yF
K3kkhioCpWwwLZrKOn1HmVGCZlC26yff5v6JxdfO8cSQw6u4EJUA6RkwiMlaUqF+
ptKA0Jeh3bwWDqKMxFxFhf2edMCZELM1YewxOnIuaipK2djnMwLR+qfX07/7gs9L
yIIhu3UEdZR4e0s+D147gRKnwmPjfkiHEginvm1Xc8p2MFhcx+U8rwMBiPd3pz03
W+M0XEfjiBKG351OqLSKiQubXs12J2NryDSFEN4wi3jqRtpo5/Fu8BG9MQIfCCwb
euo5eWREhB5M6Itpu7kvesJ9deVrzCcSz8UfaJRSn2kaaDQu05/hvpanF8v+5WCa
r5mLNRySKQn7LGxo6BHGk2VBsk8qKVcQRJU5sYuPTudRJ5aMnHyT5LOhT1OvhkqG
un06tKGcQ7LH9y3xjeIL4a5r8I5rjxLbj80wr59Gm9QGWVJBCfMgNoXKHBD5dC6V
elkil7ZwpGGJCMwzM7yr/aE/k2f9+TBLE9/MVnltBGst4MdYTbWU//+n5KTsmMYC
NxCh8LcATVsWF5nZDfhdoDWcyCxb/GBhyR/YKrvGnPZhUc4+MD0wITAJBgUrDgMC
GgUABBRMSDUwmkkbl5LPYdjT8v4o7ftOLQQUt6zHqDbK6eagb1gujtWZmFqednoC
AgQA
—–END PKCS12—–
ciscoasa(config)#
