Digital certificates can be used to authenticate network devices and users on the network. They can be used to negotiate IPsec sessions between network nodes. The Cisco ASA can use pre-shared keys or digital certificates provided by a third-party Certificate Authority (CA) to authenticate IPsec connections.
To configure the ASA with a certificate from the Microsoft CA server, refer to How to Obtain a Digital Certificate from a Microsoft Windows CA Server, which covers the procedures necessary to automatically obtain a digital certificate from a Microsoft CA for the ASA. It does not include the manual method of enrollment. This document uses the Adaptive Security Device Manager (ASDM) for the configuration steps and also presents the final command-line interface (CLI) configuration.