
Error message for CA help

n.tan
Level 1

Hi,

Can anyone advise me on the cause of the problem (Manually install 3rd party Vendor for use with WebVPN configuration version 8.0)?

I have followed the configuration example and found this error message via the CLI.

Any kind reply is appreciated.

FO: Certificate has the following attributes:

Fingerprint: 713cdfee 53530e1e 06fa7a41 b78a7779

Do you accept this certificate? [yes/no]: y

Trustpoint 'xx.Entrust.TrustPoint' is a subordinate CA and holds a non self-signed certificate.

Trustpoint 'xx.Entrust.TrustPoint' is a subordinate CA.

but certificate is not a CA certificate.

Manual verification required

Trustpoint CA certificate accepted.

% Certificate successfully imported

PHS-ASA(config)# CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND

CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 469C84D9, subject name: cn=xxxx.xxxx.com.xx,ou=IT,o=xxxxxxxx,l=xxx,c=xx.

CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND

Current Certificate list contents:

Certificate 1:

SERIAL: 469c84d9

ISSUER: cn=Entrust.net Secure Server Certification Authority,ou=(c) 1999 Entrust.net Limited,ou=www.entrust.net/CPS incorp. by ref. (limits liab.),o=Entrust.net,c=US

CRYPTO_PKI: crypto_process_ra_certs(trust_point=PW.Entrust.TrustPoint)INFO: Certificate has the following attributes:

^

PHS-ASA(config)# ISSUER: cn=Entrust.net Secure Server Certification Authorit$

ISSUER: cn=Entrust.net Secure Server Certification Authority,ou=(c) 1999 Entrust.net Limited,ou=www.entrust.net/CPS incorp. by ref. (limits liab.),o=Entrust.n

et,c=US

1 Reply

tstanik
Level 5

If you get a certificate from a trusted 3rd party (i.e. Verisign/Thawte/etc.) to install on the appliance, then you shouldn't get the certificate warning pop-ups for anything that's encrypted by the SSL VPN appliance. For some certificates, a manual install may be the only way. You need to check with the issuer of the certificate for such a problem.