Follow the steps below to apply a Let’s Encrypt SSL Certificate to Cisco AnyConnect VPN
Export the PFX from Windows
Select Encryption = TripleDES-SHA1
Convert the PFX to base64
openssl base64 -in aventislab.pfx -out aventislab.base64
# View the content of aventislab.base64
cat aventislab.base64
Import the Let’s Encrypt SSL Wildcard Certificate to Cisco ASAv
crypto ca import vpn.aventislab.com pkcs12 XXXXX (XXXXX - Password to open the pfx file)
Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:
PASTE ALL CONTENT FROM THE OUTPUT OF cat aventislab.base64
quit
INFO: Import PKCS12 operation completed successfully
Verify the Let’s Encrypt Cert is installed successfully
sh crypto ca certificates
Certificate
Status: Available
Certificate Serial Number: 03bb65a8a4a4905b35144a112a61c6b3a69f
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
Signature Algorithm: SHA256 with RSA Encryption
Issuer Name:
cn=Let's Encrypt Authority X3
o=Let's Encrypt
c=US
Subject Name:
cn=*.aventislab.com
OCSP AIA:
URL: http://ocsp.int-x3.letsencrypt.org
Validity Date:
start date: 14:11:27 MYT Mar 4 2020
end date: 14:11:27 MYT Jun 2 2020
Storage: config
Associated Trustpoints: vpn.aventislab.com
Assign the Let’s Encrypt Cert to Outside Interface
ssl trust-point vpn.aventislab.com outside
Go to https://vpn.aventistech.com to verify the Let’s Encrypt Certificate is installed successfully
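The Validity Date in the sh crypto ca certificates output above runs only from Mar 4 to Jun 2 2020, so the import has to be repeated before each expiry. The following is an added example, not part of the original post: a Python check that parses that output and reports certificates close to their end date. The function names and the 30-day warning window are assumptions, and the timezone token is ignored.

```python
import re
from datetime import datetime

# Sample text copied from the "sh crypto ca certificates" output shown above.
SAMPLE = """Certificate
Status: Available
Issuer Name:
cn=Let's Encrypt Authority X3
Subject Name:
cn=*.aventislab.com
Validity Date:
start date: 14:11:27 MYT Mar 4 2020
end date: 14:11:27 MYT Jun 2 2020
Associated Trustpoints: vpn.aventislab.com
"""

_DATE = re.compile(r"(\d\d:\d\d:\d\d) \S+ (\w{3}) +(\d{1,2}) (\d{4})")

def parse_date(line):
    # Assumption: the timezone token (MYT here) is dropped; times are compared naively.
    m = _DATE.search(line)
    if m is None:
        raise ValueError("unrecognised date line: " + line)
    return datetime.strptime(" ".join(m.groups()), "%H:%M:%S %b %d %Y")

def parse_certificates(output):
    """Return one dict per certificate block: subject, not_after, trustpoints."""
    certs, section = [], None
    for line in (raw.strip() for raw in output.splitlines()):
        if line in ("Certificate", "CA Certificate"):
            certs.append({"subject": None, "not_after": None, "trustpoints": []})
            section = None
        elif not certs or not line:
            continue
        elif line.endswith(":"):  # section header, e.g. "Issuer Name:", "Subject Name:"
            section = line[:-1]
        elif section == "Subject Name" and line.startswith("cn="):
            certs[-1]["subject"] = line[3:]
        elif line.startswith("end date:"):
            certs[-1]["not_after"] = parse_date(line)
        elif line.startswith("Associated Trustpoints:"):
            certs[-1]["trustpoints"] = line.split(":", 1)[1].split()
    return certs

def expiring(certs, now, warn_days=30):
    """List (subject, trustpoints, days_left) for certificates inside the window."""
    return [(c["subject"], c["trustpoints"], (c["not_after"] - now).days)
            for c in certs
            if c["not_after"] and (c["not_after"] - now).days <= warn_days]

if __name__ == "__main__":
    for hit in expiring(parse_certificates(SAMPLE), datetime.now()):
        print("renew and re-import:", hit)
```

A negative days_left value means the certificate bound to that trustpoint has already expired.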