Importing certificates on a PIX

Unanswered Question

I am doing some lab work with PIX version 7.22 and wildcard certificates. I have installed a certificate on a Microsoft IIS server and then exported this as a .pfx file. I have then converted this file to a PKCS12 formatted .pem file using openssl.

If I import this file onto an ACS server everything is fine and the certificate is installed, however if I try to import the PKCS12 file to a PIX running version 7.22 using the command CRYPTO CA IMPORT TEST.COM PKCS12 PASSWORD and then paste the PKCS12 text into the console I get the following message - ERROR: Unable to convert the base 64 encoded pkcs12.

If I edit the PKCS12 file and only keep the entries between the dashed lines I get this message - ERROR: Import PKCS12 operation failed.

If I copy the .pfx file that I exported from the IIS server onto the flash card of a 2600 router and enter the command CRYPTO CA IMPORT *.TEST.COM PKCS12 FLASH:PKCS12.pfx PASSWORD the import works. If I try to cut and paste the PKCS12 text using the command CRYPTO CA IMPORT *.TEST.COM PKCS12 TERMINAL PASSWORD it fails.

Unfortunately the PIX doesn't appear to have the ability to import from a .pfx file.

I have even tried the ASDM on the PIX but it still doesn't work.

Can anyone help me to import this certificate?

I have searched the net to see if I need to format the file in some way or change the conversion but I can't find anything.

I know the PKCS12 file is OK because the ACS server imports it without a problem, and I know the .pfx is OK because the router imports it without a problem.

Any help would be very much appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion