Installing new ssl certificate

Unanswered Question
Apr 30th, 2007


I have been asked to install a new ssl certifiacte on a Pix 515e. I believe the current certifcate was made in house and they now want to change this to a geotrust certificate. I've trauled through this forum and have found a few articles etc but am still unsure, Could anyone point me in the right direction?

Kind Regards

J Mack

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
johnnymac Tue, 05/01/2007 - 00:10


I'd be really grateful for some advice on this if anyone can help.

Many Thanks

J mack

sachinraja Tue, 05/01/2007 - 00:26

Hello Johnny,

I dont see any problems in this.. anyway, what purpose are you going to use this certificate ? Do you have SSL VPNs configured or some other kind of https interface to the firewall ? This will not hamper any performance.. i hope u have the docss to enable the new certificate.. you can use the ASDM for this...

1. Import certificate

- Navigate to Properties > Certificate > Import Certificate.

- Select your trustpoint.

- Import the certificate issued to you by Verisign either by uploading the file or cut and paste.

5. Apply the certificate to a specific interface (likely your outside


- Navigate to Properties > SSL.

- At the bottom half, select the interface. Click Edit.

- Select your trustpoint.

Hope this helps.. all the best.. rate replies if found useful..


johnnymac Tue, 05/01/2007 - 00:49


Thanks alot for your response, the certificate is for a citrix web interface. just to clarify i'll just need a valid certifiacte from in this case from geotrust which i save locally then import through asdm?

Can i just ask what i should be selecting as my trustpoint?

Kind Regards

J Mack

johnnymac Tue, 05/01/2007 - 01:20


Thanks again, sorry to be a pain but my CCO login is not working for that document? I've just logged into fine but when navigating to that url it's asking me for my CCO and not taking it?


J Mack

sachinraja Tue, 05/01/2007 - 01:25


you will need to contact your cisco partner to get your PICA CCO ID. they will give u this, if u have got a lot of cisco products.. anyway , am attaching the pdf version of the document..

Hope this helps. rate replies if found useful..


johnnymac Tue, 05/01/2007 - 01:30


Great thank you. I have a CCO already that allows me to get lastest software, ios etc, Do I just need extra permissions or something? It's just seems strange that they let me have the good stuff like the ASDM software and hold back on docuemtation, which is useless unless you already have the hardware to configure.

Anyway, Many thanks for your help.

J Mack

johnnymac Tue, 05/01/2007 - 02:01

Sorry, one more quick question, for aquiring the licence do I generate the hash file from the PIX?


J Mack

Jon Marshall Tue, 05/01/2007 - 02:02

Hi Johnny

Just for future reference. Generally you can just substitute the "partner" bit of the url ie.

Raj sent you this link

Just change the "partner" bit to "customer"

You still need you login but it should work.



johnnymac Tue, 05/01/2007 - 02:36

Superb got straight in. Thanks a lot,

I don't suppose you know if im supposed to generate the hash file for requesting the certificate on the the PIX?

Many Thanks

J Mack


This Discussion