Problems importing SSL certificate to ASA 7.2

Unanswered Question
Jan 8th, 2008
User Badges:

Hi all,


I cannot install the SSL certificate we purchased onto my ASA. Here are the messages I'm getting:


Can not select my public key (ssl.key)

Received General Purpose certificate for signature keypair


Do you wish to accept this certificate? [yes/no]: yes


Cannot import certificate -

Certificate does not contain device's General Purpose public key

for trust point ComodoSSL.trustpoint

ERROR: Failed to parse or verify imported certificate


The vendor from which we purchased the cert sends two other certificates with it; one is a Root CA cert and the other an Intermediate CA cert. On my old VPN 3015, I had to install both of these as Certificate Authorities. I can't figure out how to do this on the ASA. I can authenticate my trustpoint using either CA cert, but not add the other. I'm wondering if this is causing the error when importing the SSL cert.


Any help would be appreciated!


Thanks,

- Steve


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
amritpatek Mon, 01/14/2008 - 13:21
User Badges:
  • Silver, 250 points or more

It looks like you don't have the keypair which you used to generate the certificate request saved on the device so when you try to import the device certificate it complains that it doesn't have the keypair associated with the device certificate that you are trying to import.


rstevek Mon, 01/14/2008 - 13:43
User Badges:

Hi,


I opened a ticket with TAC on this. I had generated a "usage" keypair on the ASA, and the vendor seems to have issued me a cert that expected a "general-use" key.


TAC advised me to just generate another general-user keypair and get a new cert, which is what I did. I had no problem that time.


Thanks,

- Steve


Actions

This Discussion