Network Guys

Share your knowledge!

Import Domain certificate from RootCA to your Cisco router

Today I will show you how to import a signed domain certificate from your own Domain Root Certification Authority. First we will generate a certificate for the Cisco router. I needed this for the WebVPN gateway to connect SSL VPN user. In my example, we will use ““. You need a working RootCA in your windows domain. Go to the server via RDP and open the IIS management console. Go to the server certificates:


choose “Create Domain Certificate”


create the new certificate with the suitable name.


choose your RootCA and a friendly name for your certificate


Now we will export the certificate to a pfx file containing the public certificate from your RootCA and the public and private certificate for your website / SSL VPN Gateway. We need to open the local computer certificate management console. Go to Start -> Run, type “mmc” and press Enter. Click on File -> Add/Remove Snap-In and choose “Certificates”. Choose “Computer account”, click Next, Finish and OK. Go to Personal -> Certificates and export your new certificate:


export the private key


choose “include all certificates…” because we need the public certificate from your RootCA


choose a password for export. In my case I used MyPasswordABC123. Save the file as sslvpncert.pfx on your desktop.



Copy the .pfx file to your Cisco router via TFTP. I always use TFTPD32 for this.

copy tftp flash

crypto pki import pkcs12 sslvpncert.pfx password MyPasswordABC123

Reading file from usbflash0:sslvpncert.pfx
% You already have RSA keys named
% If you replace them, all router certs issued using these keys
% will be removed.
% Do you really want to replace them? [yes/no]: yes
CRYPTO_PKI: Imported PKCS12 file successfully.

now change to the new certificate:

webvpn gateway CompanySSLgateway
ip address port 443
ssl trustpoint

go to https://yourserveraddress to see if the certificate is bounded to the webserver. If you have any problems or suggestions, please write it in the comments below.

Leave a Reply

Click on the button to load the content from

Load content

This site uses Akismet to reduce spam. Learn how your comment data is processed.


ekahau Certified Survey Engineer
Post Categories
Post Archives