Error (misconfiguration) implementing a stronger encryption key on Cisco ASA5508 running FTD v6.2.3.
Step-by-step instructions for implementing a stronger encryption key on a Cisco ASA5508 running FTD v6.2.3.
Step 1: Generate a new private key and certificate signing request (CSR).
To do this, you can use the following OpenSSL commands:
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
Step 2: Submit the CSR to a trusted certificate authority (CA).
There are many different CAs available, and the process for submitting a CSR will vary depending on the CA you choose. However, most CAs will have a website where you can submit your CSR and obtain a signed certificate.
Step 3: Import the signed certificate into the ASA5508.
To do this, you can use the following FTD CLI command:
ftd --import-certificate --certificate <certificate.pem> --private-key <key.pem>
Step 4: Configure the ASA5508 to use the new certificate.
To do this, you can use the following FTD CLI command:
ftd --set-webserver-ssl-certificate <certificate.pem>
Step 5: Restart the ASA5508.
To do this, you can use the following FTD CLI command:
ftd --restart
If you are using the FDM, you can follow these steps to import the signed certificate and configure the ASA5508 to use it:
- Log in to the FDM.
- Click Configuration > Firewall > Web Server > SSL Settings.
- In the SSL Certificate drop-down list, select the new certificate that you imported.
- Click Save.
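Before the import in Step 3, it helps to confirm that the key has the intended size, that the CSR is intact, and that the certificate returned by the CA belongs to the private key from Step 1. The script below is an added example, not part of the original steps or any Cisco tooling; the function names are hypothetical and it assumes an unencrypted RSA key and the PEM file names used above.

```shell
#!/bin/sh
# Added example: pre-import checks for the files produced in Steps 1 and 2.
# Function names are hypothetical; only standard openssl subcommands are used.

# Print the RSA key size in bits (e.g. 2048).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Print the SHA-256 digest of the public key inside a key, CSR or certificate.
# $1 = key | req | x509, $2 = PEM file. Fails if the file cannot be parsed,
# so two unreadable files can never be reported as a match.
pub_digest() {
    pub=$(case "$1" in
        (key)  openssl pkey -in "$2" -pubout ;;
        (req)  openssl req  -in "$2" -noout -pubkey ;;
        (x509) openssl x509 -in "$2" -noout -pubkey ;;
        (*)    false ;;
    esac 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the CSR self-signature verifies and the CSR (and the signed
# certificate, when given as $3) contain the public half of the private key $1.
check_pair() {
    k=$(pub_digest key "$1") || return 1
    # Match on the message: older openssl builds exit 0 even on verify failure.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$k" = "$(pub_digest req "$2")" ] || return 1
    [ -z "$3" ] || [ "$k" = "$(pub_digest x509 "$3")" ]
}

# Usage, with the file names from Step 1 and the CA's reply from Step 2:
#   [ "$(key_bits key.pem)" -ge 2048 ] && \
#       check_pair key.pem csr.pem certificate.pem && echo "safe to import"
```

A failed check_pair with a certificate argument usually means the CA signed a CSR generated from a different key, or the wrong key file is about to be imported.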