{"id":2024,"date":"2014-03-11T15:33:18","date_gmt":"2014-03-11T15:33:18","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=2024"},"modified":"2014-07-22T19:29:03","modified_gmt":"2014-07-22T18:29:03","slug":"installing-a-signed-x-509-ssl-certificate-into-asa-via-the-cli","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=2024","title":{"rendered":"Installing a Signed X.509 SSL Certificate into ASA via the CLI"},"content":{"rendered":"

Having already generated the RSA key-pair on the ASA with “crypto key generate rsa mod 2048”) create a trustpoint for the VPN users, generated an SSL cetificate and CSR and have received the signed X.509 certificate and CA and intermediate SSL certificates, the certificate and CA certs will need to be installked onto the Cisco ASA.\u00a0 This procedure describes the method using the CLI.<\/p>\n

STEP 1<\/strong> <\/span>
\nAbout signing:
\nEnrollment (getting your SSL certificate signed) can be “self”, “scep” etc. or “terminal” (manual enrollment).<\/p>\n

crypto ca trustpoint VPN_TRUSTPOINT1
\nenrollment terminal
\nfqdn ciscoasa.darenmatthews.com
\nemail netadmin@darenmatthews.com
\nsubject-name CN=ciscoasa.darenmatthews.com,OU=UK IT Operations,O=MCCLTD Inc,C=US,St=MO,EA=netadmin@darenmatthews.com
\nip-address 195.88.229.125
\nkeypair DST-UK-KEYPAIR1
\ncrl configure<\/p><\/blockquote>\n

STEP 2<\/strong><\/span>
\nGet the Intermediate Certificates provided by the CA and associate those certificates with the trustpoint. (Essentially we are going to tell the ASA that we trust these signing authorities based on the certificates that they give us. These intermediate certificates were also provided by our CA. They are simply flat text file containing a PEM (ASCII) encoded version of the Intermediate identity certificates.<\/p>\n

ciscoasa(config)# crypto ca authenticate VPN_TRUSTPOINT1
\nEnter the base 64 encoded CA certificate.
\nEnd with the word “quit” on a line by itself
\n—–BEGIN CERTIFICATE—–
\nMIIEQDCCAyigAwIBAgILBAAAAAABI75RcWkwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
\nA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
\n+wGfcVAvZyZZjz5hIEdCoyF8YAOFlmsib1HB7E891oWrEhPKNt8dTQ55ngFiqAXV
\nHMOvmh8Xwo1F0+Lt4Gyn2NnVDRiPl0xRYe2l8yfF2rrkypjti4od7fVmdjcGzhdy
\nGVbahTfSVw11IJJ2qR52c0wzGDB4hiLXArs6WYY+vNd5ngX7LGkKivlYS0fmcsWp
\nMuPXh26KHFXRFtRfg9nuRIbUJhfslH49YtZOXKBdhiNmmKoP
\n—–END CERTIFICATE—–
\n—–BEGIN CERTIFICATE—–
\nMIIECDCCAvCgAwIBAgIEByczJTANBgkqvkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
\nbqjnuSmToOTuh0lx3ne3Xz1UpqoGzUvg2KvLsQ80qiTYdDnFwQTPX2TJkgrrqh0f
\n5nF32+sVXvGYDnhZ72qv4U9\/OAar5O9EvaUHvQ==
\n—–END CERTIFICATE—–
\n—–BEGIN CERTIFICATE—–
\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
\nVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
\nDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgvVBAoTCUJhbHRpbW9y
\nZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
\nVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
\nmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
\nIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
\nmpYcqWe4PwzV9\/lSEy\/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
\nXmD+tqYF\/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f\/xXtabz5OTZy
\ndc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v\/ye
\njl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
\nBE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQMwDgYDVR0PAQH\/BAQDAgEGMA0GCSqGSIb3
\nDQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
\n9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE\/szKN+OMY3EU\/t3Wgx
\njkzSswF07r51XgdIGn9w\/xZchMB5hbgF\/X++ZRGjD8ACtPhSNzkE1akxehi\/oCr0
\nEpn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
\nksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ\/1\/I6eYs9HRCwBXbsdtTLS
\nR9I4LtD+gdwyah617jzV\/OeBHRnDJELqYzmp
\n—–END CERTIFICATE—–
\nquit<\/p>\n

INFO: Certificate has the following attributes:
\nFingerprint:\u00a0\u00a0\u00a0\u00a0 64fc5f79 945af76a decf4fd4 a1a79496
\nDo you accept this certificate? [yes\/no]: yes<\/p>\n

Trustpoint ‘VPN_TRUSTPOINT1’ is a subordinate CA and holds a non self-signed certificate.<\/p>\n

Trustpoint CA certificate accepted.<\/p>\n

% Certificate successfully imported
\nciscoasa(config)#<\/p><\/blockquote>\n

STEP 3<\/strong><\/span>
\nThe CA has issued a (signed) certificate tied to the private key. This will be another\u00a0 text file that is copied into the ASA:<\/p>\n

ciscoasa(config)# crypto ca import VPN_TRUSTPOINT1 certificate<\/p>\n

% The fully-qualified domain name in the certificate will be: ciscoasa.darenmatthews.com<\/p>\n

% The IP address in the certificate is 195.67.229.127<\/p>\n

Enter the base 64 encoded certificate.
\nEnd with the word “quit” on a line by itself<\/p>\n

—–BEGIN CERTIFICATE—–
\nMIIFWDCCBECgAwIBAgIOAgAAAAABRJNGQiwwWVMwDQYJKoZIhvcNAQEFBQAwUTEk
\nMCIGA1UEChMbVmVyaXpvbiBDeWJlcnRydXN0IFNlY3VyaXR5MSkwJwYDVQQDEyBD
\neWJlcnRydXN0IFN1cmVTZXJ2ZXIgRVYgT0NTUCBDQTAeFw0xNDAzMDUxNzI0MjFa
\nFw0xNjAzMDUxNzI0MjFaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTU8xFDAS
\nBgNVBAcTC0thbnNhcyBDaXR5MRkwFwYDVQQJExA0OTAwIE1haW4gU3RyZWV0MRMw
\nEQYLKwYBBAGCNzwCAQMTAlVTMRMwEQYLKwYBBAGCNzwCAQITAkRFMRgwFgYDVQQK
\nEw9EU1QgU3lzdGVtcyBJbmMxGzAZBgNVBA8TElYxLjQsIENsYXVzZSA4LjUuMjEQ
\nMA4GA1UEBRMHMjAwMzQxMTEoMCYGA1UEAxMfdWtjbXZwbjEuZHN0Z2xvYmFsc29s
\ndXRpb25zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALodDIAe
\nOaU4xhKgd6rCmk4E5LuKxBaGuPvj5Q3bvhMrCu4l1Ju\/cabhrsvkuDgisGMkLXZj
\nxMVWl3+9oB+gCTH5fhaa6QqprGhK9gA6b3Lbm1PkN69JDEZDfQ+z2JohaXeVZ2Rc
\npq7VtuFUy0FT7qWdoIm8CbX9iYyEuTYNyYUVsCfhb60Ho04PA+0IE+X6OI\/Et1\/E
\nJr8kx\/EZEK8EYRblK+DdFqcaNB7tEanP+CFXQqg\/uXtw\/FjzM3KmswPYBoyH9jn4
\nbXsk\/EqeFr83FcnHGlN4qaNDoDySUzg3jnMF5j1q1MKqDlXIgblAQ2c3\/WvKIx1C
\npA8v\/eaSO2SqWdMCAwEAAaOCAZQwggGQMB8GA1UdIwQYMBaAFPOUqGamehSGioTg
\n9Rzb+QsU0FQFMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL2Vl
\nLW9jc3Aub21uaXJvb3QuY29tL2V2c3NsLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRw
\nOi8vY3JsLm9tbmlyb290LmNvbS9jdGV2b2NzcC5jcmwwHQYDVR0OBBYEFF+or6XX
\n7NXinRCY6gDUImBos02FMAwGA1UdEwEB\/wQCMAAwDgYDVR0PAQH\/BAQDAgWgMFAG
\nA1UdIARJMEcwRQYKKwYBBAGxPgFkATA3MDUGCCsGAQUFBwIBFilodHRwOi8vY3li
\nZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTAdBgNVHSUEFjAUBggrBgEF
\nBQcDAQYIKwYBBQUHAwIwSAYDVR0RBEEwP4IfdWtjbXZwbjEuZHN0Z2xvYmFsc29s
\ndXRpb25zLmNvbYEcdWtuaXRAZHN0Z2xvYmFsc29sdXRpb25zLmNvbTANBgkqhkiG
\n9w0BAQUFAAOCAQEADpCmX29ekegFpL2wTVdn1BQNgu08vzNMqGA8iWtm1unKGi9G
\nTmn7moERCusvOg8aAVI6PNJbaqIqEso1r8CtpA1VMEJX41sfXypngBYFOFJ4q7zI
\nFzUNZMaTIL+gZ5qSlaF9F5Jn5+dfW6EJteeMdI9omRvjP0\/C8IGTrO8jC3Ni0oGd
\nYkppdfjNKjWQZ4uQFx1i1MctTJd7eGq\/8QhKq5zP4jQjPgG8Bq0EDfjhdsEQB9Gt
\nFMYgidyCt6UqC09DriG7wQ+ShqQeASWRpQ2mz2JZVZWF1MD+dAIE5eM0X1TqjziF
\nO9uU9La9yMFVJqiS9O\/QuZAvd+QocnF0UeA3jw==
\n—–END CERTIFICATE—–
\nquit
\nINFO: Certificate successfully imported
\nciscoasa(config)#<\/p><\/blockquote>\n

STEP 4<\/strong><\/span>
\nSet trustpoint to outside interface:<\/p>\n

ciscoasa(config)# ssl trust-point VPN_TRUSTPOINT1 outside
\nciscoasa(config)#<\/p><\/blockquote>\n

STEP 5<\/strong><\/span>
\nBACKUP THE KEYS:<\/p>\n

ciscoasa(config)# crypto ca export VPN_TRUSTPOINT1 pkcs12 ciscoasa#<\/p>\n

Exported pkcs12 follows:
\n—–BEGIN PKCS12—–
\nMIIUNwIBAzCCE\/EGCSqGSIb3DQEHAaCCE+IEghPeMIIT2jCCE9YGCSqGSIb3DQEH
\nBqCCE8cwghPDAgEAMIITvAYJKoZIhvcNAQcBMBsGCiqGSIb3DQEMAQMwDQQIhVNd
\nqYh8l4YCAQGAghOQT4atx9GN3QU6Y1l7Wy90X97GsTPC32wPvar0jnAgoN9EXMTo
\n6LqtmAqD5KJk\/nSTdcEbF+pJ4jD9VgcvDCnVJTFL+YWcqwKV36g4qTrEAVcyyoRA
\nElj2xgVgHca3SA04YaGoLMAQuCsD0wcwjI8gMXMtoPH6sAeaQpDsfYvfp8PxdRPf
\nQizLUuTDMQnWB1tNPCJGT+yk5GVcAjNyQKU6\/WgyTWGSs\/hnpoTFupguT9TP6nx1
\n8BSo7uYQyuQobauxdha00QI7SB+yCS5xIluNdGw8MqIyWdwHh5fB66gZ2sFlsHil
\nrGv0X27ChtWoOgqetplHuEwhZniK1gq\/+AcBOO1tNuBso2\/0V0n8osk\/Fygd0HI9
\n1UIe7ym3Gev+XcgxJo0+xMPRNAdUnOrXmgBBR0OT4\/pk6lempDdsYuB2lYEMZmtQ
\n6dl7l4D13yFCfLN\/QSHHEyTWxJJcbrO0XEeoTZdjA+2o\/idESxF5Ikzo6+YX6Rpf
\nqqJPZajpJ6TTd19HeMGIpDRHbfYcl0zewsNlO8XkOss83XEQa1UVdaeRJnNmES9W
\nO0uM0Q7EpYSthJJuGGBQr5BkmFGpjcfMWKvbUNunupyP0I8oysogIIp7EEW7AzXR
\ngRENzUl9IBRO\/+2ah050icQ8wLIXL1fW3P7P880BzGg2dWLgqHZ7po3dim2UsH6L
\n8pP\/MZJVofqGa4+1gETWuCPDD8IMTxI1xQoEQGO7SX8GDTIfcCNntmsMU3dR8w7A
\ndxnvF92UCYCQeU4wOJnfjKjniXm5z147nhu3\/0HG5II8\/ynF1Jr6NHaotXkpYJ\/t
\nvdIHRS2jh\/p90ifkF5\/\/54pqTv9M2gcUy7YFNV6+7wUYhWtUVvQQl2mvHeax05QP
\nPmpFhlPKo5iqUJMZbup3t+Cu33eLUy2hgeyMU6ndSeBiGj4AnuTVp9oinUdx8WhK
\nl6H1I2xsEwszgRNgsE2FRHAmwVp5S8nBC9ghOFOue9fWLxFU895Ab8a6L\/\/Ysqgi
\nG5O+oC+7sSMrpE6+98HJh\/GLDZiypP+XV2O3pLRoOo2bFOCSAC4inB7oH4LKEYuX
\nI\/A0howy4XrwV1wq86U2JkLdvjrayKn3V4iux3KUsrzlPqg480P2rKpFIzst3LkY
\nvDD8HsAPu0Er54MdNGjenKahmZ01kMRc+qOO92XSAizp3wbguFYiIALwjUIGQ82d
\nl1wqeEkO+7gwd9uChGtmTrW8fRDFiiooBuULOunyiOfRm++NhLyKpoOcfwUg52ZR
\nEtiCF7hMa4+An12DNDDFAV7TVsAn4i2AH8JxsymLp\/1Pe+6Y3ceJgLvOsezmB0tN
\nN0pROpr3Qm\/\/e3FeXzTpI75CmR+unUYz6mvehfW74tHGb05Z8hNWsJlXN7LxdiDU
\nQkJ8AIBJAPbLgtswe4KeBxCdr3mIF5+LboxF1Wezup1bS8lKlaD4ZPRWAbZsdm15
\nModGH0KIO9A40t7ba1dfTKbCipmas16uzTCuhcfrFeoon\/mEoApeYkm+s+8kLrm+
\nMpLO3xVlNALlNzEfmfllUTjLnqo70n3potyy82NHLfNKJ5O6qPe\/y1hdk4zZOiOY
\nA5fhmzHx5Ao2h5W+K3qNx9LzJG7TUwD38qWB673Q1qCEql74BVha+tYvA+GitYJ+
\nrGk4deHzXinNtEUjcuCPwlFO97VldnffrjQgsc50hrAt9lJP\/Vp63\/F03NxI6kTf
\nCOnD2VenD3djmOnQXfX3DuEw1oW5Zjs7oqOc7ddT+450JTMzjC3TxRb34AmMpirN
\n+UVecHDWPsitbrb3QSoVcdNP331efBd4EszEyMp5B9cDZCn0gRlILrHm4gG3mZPg
\njSkzmp5gmydKU7i\/vGLNxTi+Iq1R1keqtrXxngdlQ2kh230Wya+2CBt74y+x3EK4
\nrCSfJBpRk+iCYNYIxSssVbak4C8siVAG9RJBfcLlDCRDfDBNwxgQ1rcSePmDzM6P
\n\/m1TigW4H9SqHGLbOueILAWaxPXZ6ySKWais6wV92B3thKGBpglCre6Ooqk60AOy
\n2Q2v1vO1JKBkaPf4i8Oj0fzSzUKI5oARriSeM7ZrijnQMiNe9bJhhaVEdyIc\/\/9V
\nt\/t3G9FgJxO\/j\/vM5h+wmJ9z6cZmS2pG1lSWJkIspsAxMqWZg6OkdIrbYZ84LwSZ
\nz0LDzWUgX5D7gsUYh3fLTma9J5N7DVynY73YC45fbs5pi5SaEgbbIocOeHbssvG+
\nf3coDrrPSkgSHNv2JikZUXP0XIDDDaPSRmkCEktx8hxpwVLWklLSlhUToXX3WAHo
\nZ6AfXb3g3STh0Sii9D4dfpAcfG9hPBrU29BjBUBl6Sy8kyqCZfFpQnSrDD\/mUQ2c
\nDkzojF0HukCfGE6pV2kdQpmWDoqEQrBBjDRkDRYg8n51BLvVA70k4fsP6lgOPgQN
\nMGXuL7CMypQYvYGZ4lb2K6riYSqEJW72TSXY0G9PyaDFeRnS\/9ANDUU7XprIzq2v
\n4wnqh1bPwIxadDi7EIWhG2YjpFabZgnBb6w3GdZPAD3hQFPsW2ZQb1YZY5\/my0mJ
\nJLY6kBzScTxzbPMhz5F6NCvm9hJU6fPEB9JrDFCEvMipQyIJQPVqubdySxwObJM8
\na\/hpcuCVZ5w4PsZ4lUq9o70ev6JIPBE8wfFI8iOn7vJvSikWuWEQ+7hF7Lli7Pp2
\niu\/MotMb4DdynGWz\/TRkobDgLp2ZT4+ydYeDS5Vj4NdXEOYXWAUcpKfHkjz98hrC
\nNSbOmeZq5se++mXsQRqRB\/9\/rzDU2LilNuvuIhJOkc+bfrDOm7uyYmP9SIehEg4H
\n6uPhvdlWpy\/Q3jmwTQAReNFzbPmC4tNB+DD2w\/lYE0FAnp22vum0VsQmf\/FH4JmY
\nXtnytzpGUvw6fLqmu\/rgg8wUHFCS82HG8N90WC0ge+pUGhFDHMcPUxr4\/9AgqgrR
\noZbPXiqATEVo0hhAuNL1zIUzPYjjRUzArN62il3++gh73hnov69ry9ZifdxvvN4o
\nHqjMKDvVzNRI0XUNyKiihh0RjJ+e3YU2yq4lPyzg7lfCr\/i8n2oZU5sWf5PvNvMB
\ntC2lg+eSRME7mbC9ooQCbg3aCPv9\/ll0cQAZmNyF7vCGJMCe4+jVDVzI+GOzq4+Z
\nomiye\/imWSYkzgy5LSGoDetb9at\/MUh3nCZtCEO96fBKBNZ19vDS7TPnAbG8RVzz
\nKO2Daq0DoR17IXLpf4ZnDohdYaeMJs9gq+PG3lXKGgCR\/2WVs4btwhjLdAWPndHe
\n6hmAfFZVj0olYXgipDwHktYQzhHHlAhfxCwMriaEJAEWK45fkoElrVRngXAuE8II
\npqfkCjL1SzbP+K7rnHywwCww+Kntxt6PglFqdc1\/8WcqLUr5hQWVVbaIHPRiA\/2r
\n4SfyK70R7dYJosYrjnWkLN76nXHt8FIxvmey2AbTh3BaHNA3+Dd2xxCzBZDWOCtp
\nKPxUW6LitD4TBZNhbtwmW1cWLzJdWJs13MTBgtJe5bz9o7FQkM5JMM7S9oG5Tkhm
\ng2je94krKQq0fUSFgwIJ3MwwK1xWvQGpTPYA1jb2xBWrEs6vUkvda4J8A8iRW55N
\n8TorJRuv6qYu+0+IkPLiDTunjzX1QyiHys1PC8gNG28se6DcckHTwaalsZvS22+z
\nbhRq4qVEXRSvGwiv6htr\/0qsYX3coSQlTaeT+Qn3kUHU93MRS1G2idZ+k7Co+Lc5
\n93aQX+u70oYSVMx8gWocbTfSgSEAyzo+57aj1tvnk8xvGZC+CpB837yyEsmOn3w2
\nmPWPn9qy5p1Heag60kOdKAB+HPDXLd6dwBgSG1+mOiHWJn2qRrMJ7Q30bZkafKdt
\n\/sy8hKd0gHroqbKjOVddA2dDEKQ9TCMKpXAcKZaGMu\/61dFpvUfeKRVVJ1pkC+mZ
\n0sTb9S5gWKWDzbzK+6mgoAgrrWDRt7qFm4Ni+DnZpA9RhqQXgLvGycF7qEGcz5f3
\nYeah1dhbe+8kZGweu7wP5l5UPblp\/fiCXio4Nx+4G9PrDpjgWn8D0mYfG7x+Z3UH
\nUYK6MUE8JR4yENrETvP8vgklkona\/JkgW\/oPtz4PDd6KAMBe59MmqDRvjqTJvCrr
\ncKrHt\/1pjEGi0zTC\/KWcAmRFjLP9ZQFov2RDGJitMBVe+WMsVxPDl+inquWmzJRZ
\nqwzyzGrt46R1Cq+U7vqCUJVfQ\/QpIEty7TI+yDJkKrJneDHRn0Cbi7ALk23QdIen
\nFl5\/Wm+0xjg8ycyCZSeUngHrqWEMKl01R+URpz7RReQK3ULd5oOPYnH9lLeV0BOi
\nlxIp3z1Y2aTOPcViV5ia5Bzwwymd8W7xbkaAfsVlcULS6vc5Xtj7lnx1v\/IBEVgQ
\nF3j8e9JIuRyBFDBmCM5ZGeqow6QU+0\/V8j8rgoMJlGXtXYU4Mq5b7k6joqshWPI2
\nw\/Q5B5ZXrLEN8EStu1wXJpvhHAxjDO87pIUVbDzQdZNe14uVlbKlptdCb66Vm7R6
\n3+5mQH2ZFWUtAdenlFVS87KDw8H6PuDg1gc+jI2mEUnu0c4hSGPbwpKOioanInM0
\nBcNfc9R6fjLzAzOh7pI0QYKOTm7gXz7ej9gMm\/e5tZVRQ30V3D5A0Uj95cq6gEj\/
\ndFo8PS1tL7k9r9qsXwR0CCszpjnSNX53VbpSpqBimqfqd51yVsRugEEw2d216Or3
\n0ObBXoewJXBl7pKj04tjjPiaK6\/UBnkwH\/\/DJ4THqHXwss6PCZB\/LRmASjqmHcoL
\nXHvam0v70kTJ0k114A\/udqvUq0ByaJusQsmwtdy97NTqDYCNYH07brAWiij61T2M
\nJtXnazxyUDspp2KlI2bWigupNu2RyHk0bOjxSF4fb+lJeK\/uZBrtLdF9ih6FqCqb
\ny\/fKsutUUPM0WrsPfU7qbvg5+kY4popqpWCdUGwkx5RoITi1teo9DmLuhiudaJH\/
\nRMwTtK7Rw3jqStOgFwH+B5BsplFAXMRHJyp8ZyOAT\/JD8eyl32VhAYW7ZTPj67uP
\nGtMtv1jiwCRrwPxmsVgl0UCekY4BF5VNhS5rkl8HDEc3tNQpe+vy0ew3ksYM2Y74
\nxpE5vPobdUWkuoiPYg\/B7HuozcnoXDpOVedIG2\/ps\/1p4VYAI4LCnu5tHELfJwB6
\nW55AXiCmtEsujtzhUe8oMbn0MO4hlk+rXR5fGI3xn1ik85z\/8XmIOukXsfSqcO9z
\nUuMmMdWi9n+UspxMYdxm6LE5OSncfhklbLj5n26vMMMHQ7VzEt5rGDV9bGS9X8Uv
\ngZvj5di1gI7yhZReLqH3y7HzqPGdng\/PC3ltV3Pn2NujSq7yUXFuyo0cac8RoMIa
\nRwtQB7thj2F4d+XOzp8GLNvVdUPJUehSSReu+yeXPL5XC0GKnB8q7lCYWYy6PNlI
\nvdUqOYnnmtJKCTTjfXaYzlj5Xi45YkKAQFhiJ\/B9sP7UQ8Do54jy416W1XtxaqFt
\n0Rd2gkHbZMjnL2\/Vuf2wm8Zop2yxKEbtZNmCG76VABxkGB14z1B5x4v+kJIFB7ts
\nQek6Tts2HESkqDwJ7Ebr3Bnqzctupj2hnxVqVMSGczd+OABWxs9xyp\/3JjsscZeG
\nA5Jog+XTP7l+DPnnFw85G2M+lmq4mkR7uGqAI8ujFvp0WTAjPe0hCoaQth3UzaMh
\nKj4umqssCtu3Katq3ZT9U7JSHzd7kysUg2EFmIPEA1t24zVUBRq3JRiVNVqp+7Ck
\noo2SwvxiP3jlnAet83zpmc4lqW3X04p+iSaLIO7oHd5YjImaGBk+MjJcvGDAMBiv
\nv15xyZLEQEPI8uHJ9kau6w89UswI9LlUQONphCcmM6zW3Bj6EPjhQmuWfYl+C8dm
\n1ptZPnTYdBaNn3lxvH42+narCb\/ThVsERY0dGO9tArf9hTY6LMJVav\/deSSBU3JH
\nyS+it0ufOzm1ohQQ59IfTR0WfFz2aBJBAGxbXR2YF2AKWUsdH5fugBGdkwc+oWs\/
\n5uSVMWLuRr4XArj+8ZE7hf\/iOiz9Hz6sQN4zwus97rpNZE6ES0maOMGaQjddjvLC
\nIBA5W9nbA1rbPUGbD3QiYtBeEOLEc+s8VK\/epGvszq0E1CvuVH2DhcX4J+eqzDA\/
\n\/T+PLDZneatkhSqZCSJn9QepviEGNnvuK96CG16g\/xD3wphZRaLbBpB6bm5TO6wA
\naRNyasVFeCwU3Q7bZ8nv48bIoZ7Q4Q1V1BWG6Rmt91g5cnoiYcEgiS487yqxLho\/
\nQLLPDj7h04WbACZFmkiac97RZ3i3N9otZUrt9udRmqUhADdf5QNv92INe92fDV4v
\nRxsIlXONLidto9oZt7fBPqtbc7boWjcMKFOsPDfzvzb8AgSdUrP4vT0GqXzGXB1Z
\nleVTBisIP9AfzpBGWOxbTCximDk2vGKQPiNOZsios3E3klB0qg2Vs\/TnYqvvpZAp
\nPweI0hfvpNueK3eQPoTZUUpQVjkY3KEBtQnfgr0tocmJv5wxMsoVsLe434vjbCBX
\navgKwKfJsXdIT+HBeArfMGbsEHMt7rkRXUSDSMkQTEy3G\/Se+XC2qD4+GKNmhXyr
\nkKEoI82w7U735S0JylvHa7HM+D4wRKcqqIRrTpehj6E5WTd7V8i6V77eDkNINNJI
\nLdQgMnxpfBNqbJ9FDfddy5xuSEWLQf9LcjBG+RzF5IiiCrVgfyp1ztmdpe4bmqOM
\njNyIsyDmkE88iolyEIit0Lvt1Tc0J7qUGsOUyTA9MCEwCQYFKw4DAhoFAAQUGXCd
\n16j53dMCo7mfg1XuwJQm75gEFKUqvF1I80byiJZxMgDCa3zzBEx5AgIEAA==
\n—–END PKCS12—–
\nciscoasa(config)#<\/p><\/blockquote>\n

NOTE: Before adding the certificate to the trustpoint, this happened:<\/p>\n

ciscoasa(config-ca-trustpoint)# crypto ca export VPN_TRUSTPOINT1 pkcs12 ciscoasa#
\nWARNING: Temporary self-signed certificate is being generated to
\nexport the keypair since an associated ID certificate is not available.<\/p>\n

Exported pkcs12 follows:
\n—–BEGIN PKCS12—–
\nMIILPwIBAzCCCvkGCSqGSIb3DQEHAaCCCuoEggrmMIIK4jCCCt4GCSqGSIb3DQEH
\nBqCCCs8wggrLAgEAMIIKxAYJKoZIhvcNAQcBMBsGCiqGSIb3DQEMAQMwDQQIcEZC
\noVByV8oCAQGAggqYT0LnSEbpFLp5BX6nkmrt808ZkNCYAO0yzQZu76047ZESr+yS
\nT2aZFDkXYA8s2VD9XpdIFyyNM1aPoIhktUsdF10mT\/XvW\/neetbvz3npFZfyuJg+
\n2IHhua6QhuV\/rt3G9xJfJE0AdP0w\/Uf4jsw8KPEhkmUM5V3iun\/13LmDMiY80Uvu
\nJXndux3lR+R\/hQKEv6ISZ4+c973YtYhj0nS2U+Rp81krWioxmTWsAob\/xZyhgBct
\nPc19MFYnpX5q\/oW2cM9AC1rtZ5EHnipoDBKdqlBoCTeegshYACpFZ70KdHwvM3ZT
\nBivEiltQ0kDIVw2DC8C+lp1Fy\/DmLos4GDuiU5wQLSGYuRBDg4kyXyd8cn2o7G7f
\n2EJGvEtE9VVuOeyt+kPKOHbEkjz\/1DvH0lFhgqcB0o0LWbNoJizjcgeL6L8uYbzI
\nWoU6q0at7dVJYM3ow7565tEaVHRby0WP3GKlnr4r8rXJx4r9GiKd5xprhfwBwGh3
\nzggCVXz9nGvCoi4AKGGlGCam4KZCcT8SPliklXbQ5Sb6vcFk9SubmA5MvHZ1I7g6
\nUF7e318YJD8SxLIwWusKfz+omi\/GbURi\/DdQxGglgTY6yoTFKAio2R\/DcLDQsl5j
\nTS9Dm8z+XdD\/VRVMYftMaOSCDEWaa0pVxszg5qDAvwQAXTADONq\/a9PIR0EcOe4k
\nFBRjF5czqJ0amvbvIxcatmvxNSczQ21YRtotw6TJu+0aMRgWlHaGNlXVmqBG4aTq
\njxsaIqR+7KfsX5A9z7e9SfJJQ2KQLt0XV1GD5qiplOyJYiwMmYrydCdGKFaAfcaO
\nj9mh9spsyDJMLigsjELJx2O38Ip4JTwWWutJvIjxlqN\/fiKos\/ZYRfSXd3JZODHm
\nSwVkJtIVoTQG1ovm+ruyc6dywaiy+pU7aqnBRhnKD+\/K2o+N5YkLdIDp9z426Ng1
\n5G9bHSndWIjwKOcc6oVFU7kZlEMZER+ER0kFSAm3rCuU+ofTIBJgX+hqUdaS04qS
\nXbexPfD\/X1Rlc7Jhk6nZsjp2Ap9fjTRfrAHNQoMZtUCno8q2ebl33kbu5Ipfs2y6
\na1p3Tt8GlxdWP+9JNDeEUM01RT5p1LRs4pW1OkIo8mYem3+LiFd+jABFgrpDPdFe
\n\/2DUwCXJCzvhsSf4zb0UAsNcoIriJqzO+umRxzopMuvGofUfw\/Z237kOGd\/IHMeZ
\nEsJ9ho6QG3Qb8Y\/XOcpLC9vWF6xSGjh2MROCCrByL8mH07BeAk2BKb4Mhse+yHBe
\nISFS\/rADRelL9g3QQWsaQIXWN+fevIXxVdV3UJa52+w80ExMUXpPTHOtJJxbkXoC
\nHTB9p6KaooI9VoTla0YTYNFPhX7GcK+vGMv6RHD7Zn2ezMeYMSfBS42k6G96Nm30
\nfPsXSQ6DVRU3sX3Y+Ur80iAkdTo8SpPcfc2zTT2iDZO0LKL\/Wp23R1g2BL87Lgnc
\niy4oSAS\/2fZ7WsqMeXep6\/nkmb21WWO64YpjSDHQiE7cHYFptU4xzRl99zpqGbTh
\nffHbIyWk5lwjiJVveDjBMkzh2Qkc9hG\/W2PnhCzVBqUO8SJldBhRp8BT1pCdY78z
\nUMsH7f2KFT1J1FG48dBHdecp2iRuXnROh5nb1W2fxpyA0JfNCIfV5ne\/1zvuPxXl
\nAFYnEaIyBGZReqm+mqfe98S7eRM+eSdgmuPOSyYspAJkcpQBCkUDOE\/7vhz3hF46
\niuMNvB6DsBiIIGGh6kBXYdSpkgjLsB4tGVjdzsJ1A+GNLn\/K0M89Ngn0qftQHGNj
\nfXxRHHir9Ar\/MGQiFGidozwoG4zWtbdOf+dp+ILPMowt6Et\/7gxTr4pugfuCR59H
\nDL+xWX31lHH2sxQKQez+B9fKu+K5bOCKFLg28fN1xOSH\/9GaPSPmouSDA6JbcxoU
\n+IFPLLmzrB\/t9jGTedR4vR\/f5OhYPabTGqBa0zAgfWFQCUVPx9bFL5oN3z1rtf6y
\niSXxONqO1sfhRssdewUvF3XviypUXn01flfYiZbdK0otD5FwDc6IXz+kEpGGl\/3e
\nrTVV5SJh4wV6qUsxSe\/hVzlIwbmdbOFAlbERRTak+4TSlSFIY6\/+PPeFuhFh0tmB
\nu4xG0BrCfbJ1oulFkfKvtmtH4OGwCt9OG61o54C+FBzLYD9klJuHnFdVP9rsm1gO
\nbobRJwX3RcArImooC\/svGxP\/D4f8XbgH+fxxjOsng0icrZ33TjG8Y1V9+KqYlUuv
\numoCFg0KQgohghP8Cd3iknp3g5BAIv+5jl+AMACar0xx\/+fM7lX6WKh1EZui4jQP
\ncU5L7JU1SYyidM0RhbRup3iMch4G2BeTrYoRbBp\/WaaFXbzshykXpiLrkTQimbag
\nmW4WXW\/imOO3OKjyHTaGUsc6dypFzxDUOO5QmRrVq0d7v+HnVc1eccayj2aIfOyg
\nSpI2SguLY8wez2t3gdM5qAel7+9CKPk8NYQElBYO7wdbE3wgPmF2VkAou\/PNuVlU
\nKBlODcliJSbtn6NBcmViGoUVZrMBvpDF\/HZR22B1p01r35ie\/trsBr4rxR5AD2hK
\nMVjYYrou+33rGQenvtz\/Dl+PjfHTa6X8Wz9FtTYGPMwoHZI3XhPoRWrGc5zWuxOo
\nNfb2PtqPd8fvzqiLJqC1Tg8bJrQwjbU3jAblN\/l8JmxPyTnDoN+7+lPXTycglyi1
\na7HrnhPs1AuIg8k4dSdzh+PyCUxChP++\/a2R9mdqZNlwKkqInXwTO0H+It\/PfYib
\ni4o4zAGALMMnFvugm6LnfVNStC4Meffj0kin9vsAzS8zokD5woObMbV3QGANxiHh
\n3vjdqRs0dq8tu0rISHt7t15LHJx\/JtyAqVRBGj0PLGt931BSleZNMjH+kt0R\/2gS
\nOGMvd71mK+imljGIxxMv96Kg7UkdcyAQ\/QKl2sbtPwBEP10uzFS2IDKEuzTqrSTg
\nlA4cXehDRQb+yXHn\/juRlCl3HmccM9JfZk3Y8cl\/0eeh4WrjAHMVii27Ng2r23LJ
\nsD2Uub0\/7UVLiM\/m89LXUbSFVWGoddi0irbbVoQ8RTg86s+WngY\/HfbxXQ0Ep0yF
\nK3kkhioCpWwwLZrKOn1HmVGCZlC26yff5v6JxdfO8cSQw6u4EJUA6RkwiMlaUqF+
\nptKA0Jeh3bwWDqKMxFxFhf2edMCZELM1YewxOnIuaipK2djnMwLR+qfX07\/7gs9L
\nyIIhu3UEdZR4e0s+D147gRKnwmPjfkiHEginvm1Xc8p2MFhcx+U8rwMBiPd3pz03
\nW+M0XEfjiBKG351OqLSKiQubXs12J2NryDSFEN4wi3jqRtpo5\/Fu8BG9MQIfCCwb
\neuo5eWREhB5M6Itpu7kvesJ9deVrzCcSz8UfaJRSn2kaaDQu05\/hvpanF8v+5WCa
\nr5mLNRySKQn7LGxo6BHGk2VBsk8qKVcQRJU5sYuPTudRJ5aMnHyT5LOhT1OvhkqG
\nun06tKGcQ7LH9y3xjeIL4a5r8I5rjxLbj80wr59Gm9QGWVJBCfMgNoXKHBD5dC6V
\nelkil7ZwpGGJCMwzM7yr\/aE\/k2f9+TBLE9\/MVnltBGst4MdYTbWU\/\/+n5KTsmMYC
\nNxCh8LcATVsWF5nZDfhdoDWcyCxb\/GBhyR\/YKrvGnPZhUc4+MD0wITAJBgUrDgMC
\nGgUABBRMSDUwmkkbl5LPYdjT8v4o7ftOLQQUt6zHqDbK6eagb1gujtWZmFqednoC
\nAgQA
\n—–END PKCS12—–
\nciscoasa(config)#<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Having already generated the RSA key-pair on the ASA with “crypto key generate rsa mod 2048”) create a trustpoint for the VPN users, generated an SSL cetificate and CSR and have received the signed X.509 certificate and CA and intermediate SSL certificates, the certificate and CA certs will need to be installked onto the Cisco […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[27,71],"tags":[56],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2024"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2024"}],"version-history":[{"count":2,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2024\/revisions"}],"predecessor-version":[{"id":2102,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2024\/revisions\/2102"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2024"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}