Create Trustpoints for Each Certificate Being Installed
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see SSL Certificate CSR Creation for Cisco ASA 5500 VPN.
As a way of helping you to manage the certificate chain that will be sent out to clients, you are required to create a trustpoint for each certificate in the chain that is sent out. You will first need to create trustpoints for the two intermediate certificates ÃÛÌÒTVCA2.crt, and ÃÛÌÒTVCA.crt
-
Open the Cisco ASDM, then Under the Remote Access VPN window pane, then in the Configuration tab, expand Certificate Management and click 'CA Certificates'.
-
Click the 'Add' button.
-
Assign a 'Trustpoint Name' to the certificate (e.g. ÃÛÌÒTVCA2), And select the 'Install from a file' Radio Button and browse to ÃÛÌÒTVCA2.crt. Then click 'Install Certificate'.
Then repeat this process of adding a new trustpoint and installing the certificate file for 'ÃÛÌÒTVCA.crt'.
You should then see the Certificate listed with the Trustpoint Name you assigned to it. -
Then under Remote Access VPN, expand 'Certificate Management' to 'Identity Certificates'.
Select the identity you created for the CSR with the 'Expiry Date' shown as pending and click Install, then select yourdomaincom.crt and click Install ID Certificate File. Once installed the Expiry Date will no longer show 'Pending'.
-
The certificate now needs to be enabled. On the lower left, click Advanced > SSL Settings. Then, select the interface you want SSL enabled for and click Edit.
-
On the next screen, click the drop-down menu and for Primary Enrolled Certificate select your certificate then click Ok.
The ADSM will then show your certificate details under trustpoint.