AnyConnect SSL Renewal | centrexIT Knowledge Center

American Assets Investment Management AnyConnect SSL Renewal

KB00001910
Meredith Seidman Work Instruction 1 min
Published v1

1.      Sign on to AA-DC01 and launch ASDM. The IP is 10.10.10.1. Credentials are in PWstate under AAIM-CORP-FW.

2.      Select Configuration – Remote Access VPN – Certificate Management – Identity Certificates – Select the currently active certificate – Select Add – Select “Add a new identity certificate” – Select the Key Pair drop-down and choose the key pair that is associated with the identity certificate. In this case, it is “SSL-VPN”.

3.      Next, choose Select…

4.      In the following box, enter the following attribute, then select OK.

5.      Select Add Certificate.

6.      Select Browse and save it to C:\Certificates, giving it a name that ends in .txt. Select Save As, then select OK, then OK again when you see “The CSR was saved Successfully.”

7.      Browse to the location where you saved your CSR, open the .txt file, and copy the entire contents to your clipboard. Next, sign in to OneLogin and choose GoDaddy. From there, select the icon with the nine squares next to My Account and choose SSL Certificates. In the Search Domains box, type in anyconnect.aaimllc.com and select the SSL in the darker grey box. Scroll down to the middle of the page and, beneath Manage Certificate, choose Re-Key your certificate. In the box that says Paste your CSR here, paste in the contents of your clipboard from earlier and select Add Change. Now select Submit All Changes.

8.      Your newly re-keyed certificate will take a couple of minutes to be available. Keep refreshing the page until you see the status say Certificate Issued. Next, check the Current Certificate Validity Period section and make sure it begins with today’s date and extends out to the expected amount of time—in this case one year.

9.      Once it is ready, look to the right and find the Download Certificate box. Under the Server Type drop-down, pick Other and download the ZIP file to your local computer. Copy the ZIP file to the C:\Certificates folder on AA-DC01 and extract it within the same directory.

10.      Back in ASDM, select the new certificate and then select Install.

11.      Select Browse, search your C:\Certificates folder, and go into the folder you extracted earlier. The certificate you want to select has the numbered name. Next, select Install ID certificate file.

12.      You will now see the specified file listed in the Install from a file bar. Select Install Certificate. After a moment, you will then see Certificate Import Succeeded. Select OK.

13.      Back in ASDM, go to Configuration – Device Management – Advanced – SSL Settings. From here, under Certificates, scroll down to the outside interface and select Edit.

14.      Select the Primary Enrolled Certificate drop-down and choose the newly created TrustPoint and hit OK. Select Apply (found in the middle bottom of the screen). At the top, select Save to save the new configuration. Do not update the Load Balancing Enrolled Certificate.

15.      Wait a moment and then browse to https://anyconnect.aaimllc.com/ and check your new SSL certificate by clicking the lock icon next to the URL, then select Connection is Secure, then Certificate is Valid. In the certificate window, check the Valid from date. If the date matches what you expect, then it worked. Now test the AnyConnect application. If all works fine, then you have successfully updated the SSL for anyconnect.cradlegenomics.com.

16.      Don’t forget to save the new configuration.
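The browser check in step 15 can also be scripted. The following is an added example, not part of the original work instruction: it reads the certificate the endpoint serves and flags the case where the old certificate is still bound to the interface. The function names, the sample certificates, and the tolerances (`max_age_days`, `min_days_left`) are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

HOST = "anyconnect.aaimllc.com"  # hostname from the procedure above

def fetch_served_cert(host, port=443, timeout=10):
    """Fetch the certificate the endpoint presents; chain and hostname are validated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _utc(field):
    # getpeercert() dates look like "Jun 10 00:00:00 2024 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(field), tz=timezone.utc)

def check_renewal(cert, host, now, max_age_days=2, min_days_left=300):
    """Return a list of problems; an empty list means the renewed certificate is live.
    max_age_days and min_days_left are assumed tolerances, not values from the page."""
    problems = []
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    if now - not_before > timedelta(days=max_age_days):
        problems.append(f"Valid from {not_before.date()}: old certificate still served?")
    if not_after - now < timedelta(days=min_days_left):
        problems.append(f"Expires {not_after.date()}: validity shorter than expected")
    # Exact-match check only; wildcard names are not expanded here.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if host not in names:
        problems.append(f"{host} not in subjectAltName {names}")
    return problems

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns.
NOW = datetime(2024, 6, 10, 18, 0, tzinfo=timezone.utc)
SAN = (("DNS", HOST), ("DNS", "www." + HOST))
NEW_CERT = {"notBefore": "Jun 10 00:00:00 2024 GMT",
            "notAfter": "Jun 10 23:59:59 2025 GMT", "subjectAltName": SAN}
OLD_CERT = {"notBefore": "Jun 20 00:00:00 2023 GMT",
            "notAfter": "Jun 20 23:59:59 2024 GMT", "subjectAltName": SAN}

if __name__ == "__main__":
    print("new:", check_renewal(NEW_CERT, HOST, NOW))
    print("old:", check_renewal(OLD_CERT, HOST, NOW))
    # Against the live endpoint (requires network access):
    # print(check_renewal(fetch_served_cert(HOST), HOST, datetime.now(timezone.utc)))
```

A non-empty result right after step 14 usually means the new TrustPoint was not selected for the outside interface or the change was not applied.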