It's not clear from your post as to exactly what you need the certificate for.
If you are trying to use a specific certificate to secure the WSA HTTPS GUI, you can import your own server certificate using the CLI -> certconfig command.
If you're referring to the WSA decryption certificate, you'll need to generate a Root certificate or intermediate certificate and key from your corporate CA server and import them in the WSA GUI in the HTTPS service config.
OK, one possibility is import my corporate CA root certificate, because it is well-know for my clients (broswers). But it has one security issue, I must import to WSA private keys and I don't want it.
I think, better is generate certificate for WSA using my weel-know corporate CA. In this case will be certificate trusted for all clients and it has no security issue.
My question was to second part. If WSA can't generate CSR I will generate RSA keys and CSR on another machine (for example any linux) and my corporate CA will generate certificate for WSA. After then I will import private key with WSA cert to WSA. (and of course private key from linux will be deleted and never used for other purpose as WSA).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...