Obtaining ssl certificates – Cisco VPN 3002 User Manual
Page 154
Obtaining SSL Certificates
If you use a secure connection between your browser and the VPN 3002, the VPN 3002 requires an SSL
certificate. You only need one SSL certificate on your VPN 3002.
When you initially boot the VPN 3002, a self-signed SSL certificate is automatically generated. Because
a self-signed certificate is self-generated, this certificate is not verifiable. No CA has guaranteed its
identity. But this certificate allows you to make initial contact with the VPN 3002 using the browser. If
you want to replace it with another self-signed SSL certificate, follow these steps:
Step 1
Display the Administration | Certificate Management screen. (See
Step 2
Click Generate above the SSL Certificate table. The new certificate appears in the SSL Certificate
table, replacing the existing one.
If you want to obtain a verifiable SSL certificate (that is, one issued by a CA), follow the same procedure
you used to obtain identity certificates. (See the
Enrolling and Installing Identity Certificates
section.)
But this time, on the Administration | Certificate Management | Enroll screen, click SSL certificate
(instead of Identity certificate).
Some web servers export their SSL certificates with the private key attached. If you have a
PEM-encoded certificate with a corresponding private key that you want to install, follow the same
procedure you used to obtain identity certificates. (See the
Enrolling and Installing Identity Certificates
section.) But this time, on the Administration | Certificate Management | Installation screen, click Install
SSL certificate with private key (instead of Install certificate obtained via enrollment).