Error message for CA help

Unanswered Question
Oct 27th, 2007

Hi,


Can anyone advise me on what the cause of the problem is (Manually install 3rd party Vendor for use with WebVPN configuration version 8.0)?


I have followed the configuration example and found this error message via the CLI.


Any kind reply would be appreciated.


FO: Certificate has the following attributes:

Fingerprint: 713cdfee 53530e1e 06fa7a41 b78a7779

Do you accept this certificate? [yes/no]: y


Trustpoint 'xx.Entrust.TrustPoint' is a subordinate CA and holds a non self-signed certificate.


Trustpoint 'xx.Entrust.TrustPoint' is a subordinate CA.


but certificate is not a CA certificate.

Manual verification required

Trustpoint CA certificate accepted.


% Certificate successfully imported

PHS-ASA(config)# CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND

CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 469C84D9, subject name: cn=xxxx.xxxx.com.xx,ou=IT,o=xxxxxxxx,l=xxx,c=xx.


CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND

Current Certificate list contents:

Certificate 1:

SERIAL: 469c84d9

ISSUER: cn=Entrust.net Secure Server Certification Authority,ou=(c) 1999 Entrust.net Limited,ou=www.entrust.net/CPS incorp. by ref. (limits liab.),o=Entrust.net,c=US

CRYPTO_PKI: crypto_process_ra_certs(trust_point=PW.Entrust.TrustPoint)INFO: Certificate has the following attributes:

^

PHS-ASA(config)# ISSUER: cn=Entrust.net Secure Server Certification Authorit$


ISSUER: cn=Entrust.net Secure Server Certification Authority,ou=(c) 1999 Entrust.net Limited,ou=www.entrust.net/CPS incorp. by ref. (limits liab.),o=Entrust.net,c=US





tstanik Thu, 11/01/2007 - 15:35

If you get a certificate from a trusted 3rd party (i.e. Verisign/Thawte/etc.) to install on the appliance, then you shouldn't get the certificate warning pop-ups for anything that's encrypted by the SSL VPN appliance. For some certificates, manual install may be the only way. You need to check with the issuer of the certificate for such a problem.
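For triaging debug output like that posted in the question, the following is an added example (not part of the thread and not Cisco code) that correlates the "not a CA certificate" warning, the "No suitable trustpoints found" line and the certificate list, so the issuer DN that still needs a CA certificate is visible at a glance. The sample log is constructed; the trustpoint name, subject and issuer in it are placeholders.

```python
import re

# Constructed sample modelled on the debug lines in the question (names are placeholders).
SAMPLE = """\
Trustpoint 'example.TrustPoint' is a subordinate CA.
but certificate is not a CA certificate.
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 469C84D9, subject name: cn=vpn.example.com,ou=IT,o=Example,c=XX.
Certificate 1:
SERIAL: 469c84d9
ISSUER: cn=Example Issuing CA,o=Example CA,c=US
"""

TRUSTPOINT = re.compile(r"^Trustpoint '([^']+)' is a subordinate CA")
NOT_CA = re.compile(r"^but certificate is not a CA certificate", re.I)
NO_TP = re.compile(r"No suitable trustpoints found to validate certificate "
                   r"serial number: ([0-9A-Fa-f]+), subject name: (.+?)\.?$")
SERIAL = re.compile(r"^SERIAL:\s*([0-9A-Fa-f]+)")
ISSUER = re.compile(r"^ISSUER:\s*(.+)$")

def triage(text):
    """Return (trustpoints flagged as holding a non-CA cert, unvalidated certs with issuer)."""
    non_ca, unvalidated, issuers = [], {}, {}
    last_tp = last_serial = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := TRUSTPOINT.search(line):
            last_tp = m.group(1)                      # remember which trustpoint is being reported
        elif NOT_CA.search(line) and last_tp and last_tp not in non_ca:
            non_ca.append(last_tp)                    # warning applies to the trustpoint just named
        elif m := NO_TP.search(line):
            unvalidated[m.group(1).lower()] = m.group(2)
        elif m := SERIAL.search(line):
            last_serial = m.group(1).lower()          # serial case differs between log lines
        elif (m := ISSUER.search(line)) and last_serial:
            issuers.setdefault(last_serial, m.group(1))
            last_serial = None
    findings = [{"serial": s, "subject": subj, "issuer": issuers.get(s, "unknown")}
                for s, subj in unvalidated.items()]
    return non_ca, findings

if __name__ == "__main__":
    tps, certs = triage(SAMPLE)
    for tp in tps:
        print(f"{tp}: certificate accepted as CA is reported as not a CA certificate")
    for c in certs:
        print(f"serial {c['serial']} ({c['subject']}): no trustpoint validates it; issuer is {c['issuer']}")
```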
