Skip to main content

How is the Chain Certificate installed on a Cisco ASA appliance?

NOTE:
As of November 12, 2024, Entrust introduced a new TLS certificate hierarchy as part of the deployment. The TLS certificate delivery now includes two certificate chains. The delivery of these certificate chains can be in the form of:

  • Individual files. Intermediate 1 (filename: intermediate1.crt ) and Intermediate 2 (filename: intermediate2.crt ) or
  • Concatenate PEM file (filename: CertificateBundle1.pem/CertificateBundle2.pem ) or
  • P7B format file (filename: Certificatebundle.p7b )

Both intermediate/chain certificates must be installed in your environment.

Question:

Answer:

To install the  Chain Certificate on a Cisco ASA appliance make sure that you have, complete the following steps:

Notes:

- The  chain certificate installation steps includes two chain certificates. Please make sure you have already downloaded the Intermediate1 and Intermediate2 certificates from Entrust certificate pick up link.

- If the Intermediate1 and Intermediate2 certificates have already existed on the device then you don’t need to install it again because the device will reject it.

- These steps are based on Cisco ASDM 7.3 and ASA 5510.

In the Cisco ASDM Configuration Tool, select Configuration > Device Management > Certificate Management > CA Certificates.

Click Add. The Install Certificate dialog box appears.

  • Enter a Trustpoint Name or keep the default. The chain certificate must be installed on a different Trustpoint than the original request.
  • Click the Install from a file radio button. Enter the path and file name of the Intermediate2 certificate , or click Browse to search for the file.
  • Click Install Certificate.

  • In the CA Certificate Installation dialog box, click OK.

  • The Intermediate2 Certificate should now appear in the list of CA Certificates.

  • Repeat the above steps for installing the Intermediate1 Certificate
  • After both chain certificates have been installed, click on Save button.