Installing an SSL Certificate on a Cisco Router

Craig Garnham, published in WXIT, May 17, 2020

How to request and install an SSL Certificate on a Cisco router.

Create a new trustpoint

R01(config)# crypto pki trustpoint vpn.example.com-2019
R01(ca-trustpoint)# enrollment terminal
R01(ca-trustpoint)# serial-number none
R01(ca-trustpoint)# fqdn vpn.example.com
R01(ca-trustpoint)# ip-address none
R01(ca-trustpoint)# subject-name CN=vpn.example.com,O=Example,OU=IT,L=Guernsey,ST=Guernsey,C=GG
R01(ca-trustpoint)# revocation-check none
R01(ca-trustpoint)# exit

Generate the CSR

R01(config)# crypto pki enroll vpn.example.com-2019

% Start certificate enrollment ..

Send the generated CSR to a certificate authority, then download the issued certificate and the intermediate certificate in Base64 format.

Import the certificates

R01(config)# crypto pki authenticate vpn.example.com-2019
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
Trustpoint 'vpn.example.com-2019' is a subordinate CA and holds a non self signed cert
Certificate has the following attributes:
Fingerprint MD5:
Fingerprint SHA1:

% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported

R01(config)# crypto pki import vpn.example.com-2019 certificate
Enter the base 64 encoded certificate.
End with a blank line or the word "quit" on a line by itself
% Router Certificate successfully imported

Reconfigure the SSL-VPN to point to the new trustpoint

R01(config)# webvpn gateway Cisco-WebVPN-Gateway
R01(config-webvpn-gateway)# ssl trustpoint vpn.example.com-2019
R01(config-webvpn-gateway)# end
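
Before answering yes at the "Do you accept this certificate?" prompt, the MD5 and SHA1 fingerprints the router prints can be compared with fingerprints computed independently from the downloaded CA file. The Python sketch below is an added example, not part of the original post; the function names, the 8-hex-digit grouping and the sample PEM (placeholder bytes, not a real certificate) are assumptions.

```python
import base64
import hashlib
import re

# Constructed sample: a PEM wrapper around the placeholder bytes b"abc".
# It is NOT a real certificate; replace it with the CA file you downloaded.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of every certificate block in a PEM file."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate block found")
    return [base64.b64decode("".join(b.split()), validate=True) for b in blocks]


def ios_fingerprint(der, algorithm):
    """Hash the DER encoding and group the hex in 8-digit words
    (assumed to match the router's display layout)."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def normalise(value):
    """Strip spaces, colons and case so any display style compares equal.
    Pass only the fingerprint value, not the 'Fingerprint ...:' label."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def router_matches(der, shown_md5, shown_sha1):
    """True only if both fingerprints shown by the router match the file."""
    pairs = (("md5", shown_md5), ("sha1", shown_sha1))
    return all(
        normalise(shown) == normalise(ios_fingerprint(der, alg))
        for alg, shown in pairs)


if __name__ == "__main__":
    for der in pem_to_der(SAMPLE_PEM):
        print("Fingerprint MD5: ", ios_fingerprint(der, "md5"))
        print("Fingerprint SHA1:", ios_fingerprint(der, "sha1"))
```

If `router_matches` returns False for the CA file you intended to paste, answer no at the prompt and re-check which certificate was pasted.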
